Snort mailing list archives

Re: problems with using barnyard 2-1.2


From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Mon, 29 Mar 2010 22:21:35 -0500

--On March 30, 2010 12:59:13 PM +1300 Russell Fulton <r.fulton () auckland ac nz> wrote:

> I've finally got around to tweaking the schema in the snort database and
> am now moving to using barnyard 2-1.2 but I am getting these errors in
> the syslog:
>
> barnyard: WARNING: No function defined to read header.
>
> and no checkpoint file created?
>
> Looks like it does not know what database type to use.
>
> configured with --with-mysql and mysql given in conf file...

Russell, what OS?

Your conf file should look something like this:

$ less /usr/local/etc/barnyard2.conf
#-------------------------------------------------------------
#  Barnyard2 configuration file
#
#  http://www.securixlive.com/barnyard
#
#  Contact: dev () securixlive com
#-------------------------------------------------------------

# set the appropriate paths to the file(s) your Snort process is using
config reference-map:   /usr/local/etc/snort/reference.config
config class-map:       /usr/local/etc/snort/classification.config
config gen-msg-map:     /usr/local/etc/snort/gen-msg.map
config sid-msg-map:     /usr/local/etc/snort/sid-msg.map

config hostname:        hostname
config interface:       eth0

# Step 2: setup the input plugins
input unified2

output database: log, mysql, user=user password=password dbname=snort host=localhost

Paul Schmehl
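
Added example (not part of the original mail and not barnyard2 code): a small Python check that compares a barnyard2.conf against the layout of the sample above. The function name, the list of checked keys and the rule that only config/input/output lines count as directives are assumptions taken from that sample, and the input is a constructed copy whose `output database` line has been broken in two, as happens when a config is pasted through e-mail.

```python
import os
import re

MAP_KEYS = ("reference-map", "class-map", "gen-msg-map", "sid-msg-map")
DB_KEYS = ("user", "password", "dbname", "host")  # keys used in the sample line

def check_conf(text, exists=os.path.exists):
    """Compare barnyard2.conf text with the layout of the sample in the mail."""
    problems, maps, inputs, db = [], {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(config|input|output)\s+(.*)", line)
        if not m:
            # e.g. "host=localhost" stranded on its own line after wrapping
            problems.append(f"line {n}: not a directive (wrapped line?): {line}")
            continue
        kind, rest = m.groups()
        if kind == "config":
            key, _, value = rest.partition(":")
            maps[key.strip()] = value.strip()
        elif kind == "input":
            inputs.append(rest.strip())
        elif rest.startswith("database"):
            # "database: <mode>, <dbtype>, <key=value ...>"
            fields = [f.strip() for f in rest.partition(":")[2].split(",", 2)]
            db = fields + [""] * (3 - len(fields))
    for key in MAP_KEYS:
        if key not in maps:
            problems.append(f"missing 'config {key}:'")
        elif not exists(maps[key]):
            problems.append(f"{key}: file not found: {maps[key]}")
    if "unified2" not in inputs:
        problems.append("no 'input unified2' line")
    if db is None:
        problems.append("no 'output database:' line")
    else:
        given = {p.split("=", 1)[0] for p in db[2].split() if "=" in p}
        problems += [f"output database: no {k}= parameter"
                     for k in DB_KEYS if k not in given]
    return problems

# Constructed input: the sample's directives with the output line wrapped.
WRAPPED = """\
config reference-map:   /usr/local/etc/snort/reference.config
config class-map:       /usr/local/etc/snort/classification.config
config gen-msg-map:     /usr/local/etc/snort/gen-msg.map
config sid-msg-map:     /usr/local/etc/snort/sid-msg.map
input unified2
output database: log, mysql, user=user password=password dbname=snort
host=localhost
"""
```

On a real host, call check_conf(open("/usr/local/etc/barnyard2.conf").read()) so that the map file paths are checked against the filesystem.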

