Snort mailing list archives
Re: Barnyard2 error
From: beenph <beenph () gmail com>
Date: Wed, 24 Jul 2013 11:29:13 -0400
Make sure your snort output is in unified2 format before using barnyard2, since barnyard2 will only process unified2 files.

-elz

On Wed, Jul 24, 2013 at 11:09 AM, Abid Ayoub <abid.ayoub () gmail com> wrote:

Hi

Thanks for the answer, but the problem is that I get no result after I run snort. I got this:

database: Closing connection to database "snort"
===============================================================================
Record Totals:
   Records: 0
   Events: 0 (0.000%)
   Packets: 0 (0.000%)
   Unknown: 0 (0.000%)
   Suppressed: 0 (0.000%)
===============================================================================
Packet breakdown by protocol (includes rebuilt packets):
   ETH: 0 (0.000%)
   ETHdisc: 0 (0.000%)
   VLAN: 0 (0.000%)
   IPV6: 0 (0.000%)
   IP6 EXT: 0 (0.000%)
   IP6opts: 0 (0.000%)
   IP6disc: 0 (0.000%)
   IP4: 0 (0.000%)
   IP4disc: 0 (0.000%)
   TCP 6: 0 (0.000%)
   UDP 6: 0 (0.000%)
   ICMP6: 0 (0.000%)
   ICMP-IP: 0 (0.000%)
   TCP: 0 (0.000%)
   UDP: 0 (0.000%)
   ICMP: 0 (0.000%)
   TCPdisc: 0 (0.000%)
   UDPdisc: 0 (0.000%)
   ICMPdis: 0 (0.000%)
   FRAG: 0 (0.000%)
   FRAG 6: 0 (0.000%)
   ARP: 0 (0.000%)
   EAPOL: 0 (0.000%)
   ETHLOOP: 0 (0.000%)
   IPX: 0 (0.000%)
   OTHER: 0 (0.000%)
   DISCARD: 0 (0.000%)
   InvChkSum: 0 (0.000%)
   S5 G 1: 0 (0.000%)
   S5 G 2: 0 (0.000%)
   Total: 0
===============================================================================

So, is this normal? Where is the problem, probably?

Thanks
Abid

2013/7/24 beenph <beenph () gmail com>

On Wed, Jul 24, 2013 at 10:47 AM, Abid Ayoub <abid.ayoub () gmail com> wrote:

Hi,

I didn't understand what you mean exactly, but if you mean that I am running snort or barnyard2 in the background, the answer is no.

Abid

2013/7/24 Abid Ayoub <abid.ayoub () gmail com>

Hi,

I didn't understand what you mean exactly, but if you mean that I am running snort or barnyard2 in the background, the answer is no.

Abid

Hi Abid,

In the first message that you posted with the barnyard2 output, it does not seem like it refuses to run; you had two warning messages.

Message 1:
[SignatureReferencePullDataStore()]: No Reference found in database ...

Which means that there was no reference found in the sig_reference table.

Message 2:
WARNING: Ignoring corrupt/truncated waldofile '/var/log/snort/barnyard2.waldo'

Which means it either didn't find the waldo file or that the waldo file had been incomplete, thus until it processes any events and writes a good waldo file, if you stop and start barnyard2 you will get that message.

-elz
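
Added example, not part of the original thread and not Barnyard2's own code: a small Python check that walks the record headers of a spool file to see whether it is really unified2 and whether it holds any events, which is what the "Records: 0" totals above come down to. The function names and the sample bytes are constructed for illustration; the record type codes are the ones defined in Snort's unified2 headers.

```python
import io
import struct
from collections import Counter

# Record type codes as defined in Snort's unified2 headers.
RECORD_TYPES = {
    2: "PACKET",
    7: "IDS_EVENT",
    72: "IDS_EVENT_IPV6",
    104: "IDS_EVENT_VLAN",
    105: "IDS_EVENT_IPV6_VLAN",
    110: "EXTRA_DATA",
}
# Each record starts with two 32-bit big-endian fields: type, body length.
HEADER = struct.Struct(">II")


def summarize_unified2(stream):
    """Walk record headers; return (Counter of record names, truncated flag)."""
    counts = Counter()
    while True:
        raw = stream.read(HEADER.size)
        if not raw:
            return counts, False      # clean end of file
        if len(raw) < HEADER.size:
            return counts, True       # header cut short
        rtype, length = HEADER.unpack(raw)
        body = stream.read(length)
        if len(body) < length:
            return counts, True       # body cut short, or not unified2 at all
        counts[RECORD_TYPES.get(rtype, f"UNKNOWN_{rtype}")] += 1


def _record(rtype, body):
    """Build one constructed record for the demo (hypothetical helper)."""
    return HEADER.pack(rtype, len(body)) + body


if __name__ == "__main__":
    # Constructed sample: one event, one packet, then a half-written record.
    sample = (_record(7, b"\x00" * 52) + _record(2, b"\x00" * 28)
              + HEADER.pack(2, 100) + b"\x00" * 10)
    print(summarize_unified2(io.BytesIO(sample)))
    # A constructed ASCII alert line is not unified2: no records are counted.
    text = b"[**] [1:1000001:1] constructed alert [**]\n"
    print(summarize_unified2(io.BytesIO(text)))
```

An empty result with the truncated flag set on a non-empty file usually means the file is in another output format (for example a text alert log), while an empty result on an empty file means Snort has not logged any events yet.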