Snort mailing list archives

Re: Barnyard2 issue w/unified2 ?


From: John Ives <jives () security berkeley edu>
Date: Thu, 15 Aug 2013 10:50:07 -0700

On 8/15/2013 9:17 AM, beenph wrote:
> On Thu, Aug 15, 2013 at 11:52 AM, John Ives
> <jives () security berkeley edu> wrote:
>> My understanding from my own research is that for each instance
>> of snort on a system there needs to be an instance of barnyard2
>> each with its own configuration file.
>
> Each instance needs its own configuration file that will
> differentiate each instance, especially if you log to a database.
>
> If you log to syslog, for example, you can use only one configuration
> and spawn each by2 process with a script loop.

Trying to output it to a postgres db. I did a quick look in the
configuration, but I didn't see what option is used to differentiate
the instances, so I suspect this is the root of my issue.

>> Supposedly, that is all that is needed. However, I have not been
>> able to make it work as all but one of the barnyards will
>> eventually crash.
>
> Could you define crash? Which error was it reporting, etc...

As I mentioned this is a roadmap project, but there is no definitive
date, so I have been playing with it in my free time. As a result, I
don't remember exactly what the error said. I have started up the
system/snorts/barnyards that I was testing this on and have launched
it so I will see what I can find. However, my experience was that the
barnyards will run for varying lengths of time before a problem occurs
(sometimes a few minutes and sometimes it takes a weekend).

Yours,

John

-- 
-------------------------------------------------------------------------
John Ives
System & Network Security                           Phone (510) 229-8676
University of California, Berkeley
-------------------------------------------------------------------------
