Snort mailing list archives
Re: Help w/ barnyard2 issues
From: beenph <beenph () gmail com>
Date: Sat, 24 May 2014 13:29:59 -0400
Make sure you have removed all potential duplicates in your database, especially if you have upgraded from by2 < 2-1.13 to 2-1.13.

Also, you might want the current bug-fix-release, which can be found here:
https://github.com/binf/barnyard2/tree/bug-fix-release

It fixes a few issues from 2-1.13 rel.

Cheers,
-elz

On Tue, May 20, 2014 at 2:41 PM, Moore, Jim <jmoore () thebank com> wrote:
I have 2 issues w/ barnyard2 2.1.13 running on a Fedora 19 box. The box has 3 sensor interfaces w/ 3 snort instances and 3 barnyard2 instances. Each of the barnyard2 instances is writing output to a fast alert file and a remote Postgresql database.

The first problem occurs during barnyard2 startup. When the instance initializes the database connection it encounters a fatal error like so:

ERROR database: Query [SELECT sig_id FROM signature WHERE (sig_sid = '17688') AND (sig_gid = '1') AND (sig_rev = '9') AND (sig_class_id = '9') AND (sig_priority = '1') AND (sig_name = 'BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt'); ] returned more than one result

So far, the only fix I have been able to come up w/ is to hand-remove the existing row from the signature table and restart 1 barnyard2 instance. The 2nd instance encounters the same error, so I repeat the process for all 3 instances.

The second problem involves creating ASCII log output. I have found what appears to be some kind of error using BASE 1.4.5, in that the packet data logged w/ some alerts does not match the patterns defined in the alert signature. To help isolate the source of the problem I wanted to create ASCII log output along w/ database logging so I could compare the two results. But I have not been able to get ASCII log output at all.

What would I have to do to generate ASCII log output? Run a separate barnyard2 instance just for ASCII logging? Run a separate snort instance w/ ASCII log output?

Jim Moore
--
James J. Moore, Network Administrator
NexTier Bank
245 Pittsburgh Road
Butler, PA 16001
jmoore () thebank com
Phone: 724-214-6205
Cell: 724-355-6718

This message and any attachments are intended for the sole use of the addressee and may contain information that is privileged and confidential.
If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
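An added example (not part of either message and not barnyard2 code) of the duplicate cleanup the reply recommends: it finds `signature` rows that are identical on the six columns in the failing query and merges them. It runs against an in-memory SQLite database with constructed rows instead of the poster's PostgreSQL server; the `event` table with a `signature` column pointing at `sig_id`, and the helper names, are assumptions.

```python
import sqlite3

# The six columns barnyard2 matches on in the failing SELECT quoted in the thread.
KEY = "sig_sid, sig_gid, sig_rev, sig_class_id, sig_priority, sig_name"

def find_duplicates(conn):
    """Return {kept sig_id: [surplus sig_ids]} for rows identical on KEY."""
    groups = {}
    # Grouping in Python also treats NULL key values as equal to each other.
    for sig_id, *key in conn.execute(f"SELECT sig_id, {KEY} FROM signature ORDER BY sig_id"):
        groups.setdefault(tuple(key), []).append(sig_id)
    return {ids[0]: ids[1:] for ids in groups.values() if len(ids) > 1}

def merge_duplicates(conn):
    """Repoint events at the lowest sig_id of each group, then delete the rest."""
    dupes = find_duplicates(conn)
    with conn:  # one transaction: commit on success, roll back on error
        for keep_id, surplus in dupes.items():
            for sig_id in surplus:
                # Assumption: event.signature holds signature.sig_id.
                conn.execute("UPDATE event SET signature = ? WHERE signature = ?",
                             (keep_id, sig_id))
                conn.execute("DELETE FROM signature WHERE sig_id = ?", (sig_id,))
    return dupes

def demo():
    """Constructed sample data: rule 17688 stored three times, plus one unique rule."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT,
            sig_class_id INT, sig_priority INT, sig_rev INT, sig_sid INT, sig_gid INT);
        CREATE TABLE event (sid INT, cid INT, signature INT);
    """)
    name = ("BROWSER-IE Microsoft Internet Explorer userdata behavior "
            "memory corruption attempt")
    conn.executemany("INSERT INTO signature VALUES (?,?,?,?,?,?,?)", [
        (1, name, 9, 1, 9, 17688, 1), (2, name, 9, 1, 9, 17688, 1),
        (3, name, 9, 1, 9, 17688, 1), (4, "constructed unique rule", 3, 2, 1, 1000001, 1)])
    conn.executemany("INSERT INTO event VALUES (?,?,?)",
                     [(1, 1, 1), (1, 2, 2), (2, 1, 3), (1, 3, 4)])
    return conn

if __name__ == "__main__":
    db = demo()
    print("duplicates:", find_duplicates(db))   # kept id -> surplus ids
    print("merged:", merge_duplicates(db))
    print("remaining duplicates:", find_duplicates(db))
```

On a production database, stop every barnyard2 instance and take a backup before merging, since all three instances write to the same `signature` table. Any other table that stores `sig_id` needs the same repointing before the surplus rows are deleted.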