Snort mailing list archives

barnyard2 zero records issue


From: kay <kay.diam () gmail com>
Date: Fri, 20 Apr 2012 18:03:47 +0400

Hi everyone,

I have another annoying issue: barnyard2 always shows zero records. Snort
logs are full of data:

drwxr-xr-x. 2 snort snort 4096 Apr 20 17:19 .
drwxr-xr-x. 8 root root 4096 Apr 20 17:03 ..
-rw-r--r-- 1 root root 6735123 Apr 20 17:59 alert
-rw------- 1 snort snort 12684 Apr 20 17:57 portscan.log
-rw------- 1 snort snort 357105 Apr 20 17:59 snort.log.1334927945

Snort conf:

grep output snort.conf | grep -v '#'
output unified2: filename snort.log, limit 128
output alert_unified2: filename snort.alert, limit 128
output log_unified2: filename snort2.log, limit 128
output alert_syslog: LOG_AUTH LOG_ALERT

Barnyard's default config with the following command line:

/usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -G
/etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -d /var/log/snort/ -f
snort.log -w /var/log/barnyard2/barnyard2.waldo
Running in Continuous mode

--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/usr/local/etc/barnyard2.conf"
Log directory = /var/log/barnyard2

--== Initialization Complete ==--

______ -*> Barnyard2 <*-
/ ,,_ \ Version 2.1.10-beta2 (Build 266)
|o" )~| By Ian Firns (SecurixLive): http://www.securixlive.com/
+ '''' + (C) Copyright 2008-2011 Ian Firns <firnsy () securixlive com>

Using waldo file '/var/log/barnyard2/barnyard2.waldo':
spool directory = /var/log/snort
spool filebase = snort.log
time_stamp = 1334927945
record_idx = 0
Opened spool file '/var/log/snort/snort.log.1334927945'
Waiting for new data
===============================================================================
Record Totals:
Records: 0
Events: 0 (0.000%)
Packets: 0 (0.000%)
Unknown: 0 (0.000%)
===============================================================================
Packet breakdown by protocol (includes rebuilt packets):
ETH: 0 (0.000%)
ETHdisc: 0 (0.000%)
VLAN: 0 (0.000%)
IPV6: 0 (0.000%)
IP6 EXT: 0 (0.000%)
IP6opts: 0 (0.000%)
IP6disc: 0 (0.000%)
IP4: 0 (0.000%)
IP4disc: 0 (0.000%)
TCP 6: 0 (0.000%)
UDP 6: 0 (0.000%)
ICMP6: 0 (0.000%)
ICMP-IP: 0 (0.000%)
TCP: 0 (0.000%)
UDP: 0 (0.000%)
ICMP: 0 (0.000%)
TCPdisc: 0 (0.000%)
UDPdisc: 0 (0.000%)
ICMPdis: 0 (0.000%)
FRAG: 0 (0.000%)
FRAG 6: 0 (0.000%)
ARP: 0 (0.000%)
EAPOL: 0 (0.000%)
ETHLOOP: 0 (0.000%)
IPX: 0 (0.000%)
IPv4/IPv4: 0 (0.000%)
IPv4/IPv6: 0 (0.000%)
IPv6/IPv4: 0 (0.000%)
IPv6/IPv6: 0 (0.000%)
GRE: 0 (0.000%)
GRE ETH: 0 (0.000%)
GRE VLAN: 0 (0.000%)
GRE IPv4: 0 (0.000%)
GRE IPv6: 0 (0.000%)
GRE IP6 E: 0 (0.000%)
GRE PPTP: 0 (0.000%)
GRE ARP: 0 (0.000%)
GRE IPX: 0 (0.000%)
GRE LOOP: 0 (0.000%)
OTHER: 0 (0.000%)
DISCARD: 0 (0.000%)
InvChkSum: 0 (0.000%)
S5 G 1: 0 (0.000%)
S5 G 2: 0 (0.000%)
Total: 0
===============================================================================