Barnyard "Invalid packet length" error

["Wolf, Brian" <Brian.Wolf () richardson k12 tx us>]

I'm trying to get barnyard working with snort, but it always fails with
an "Invalid packet length" error.  My setup is:

        RedHat Enterprise AS 3
        snort 2.1.2
        barnyard 0.2.0
        mysql 12.22 Distrib 4.0.18

Snort, barnyard, and mysql were all built from source and are running on
the same machine.  


Snort output config:

                output alert_unified: filename snort.binalert, limit 128
                output log_unified: filename snort.binlog, limit 128



Snort command line:

                /usr/local/snort/bin/snort -i eth0 -D -X -o -c
/usr/local/snort/snort.conf -l /usr/local/snort/log



Barnyard config:

                config hostname: localhost
                config interface: lo
                config filter: not port 22
                output log_acid_db: mysql, database snort, server
localhost, user snort, password <passwd>, detail full


Barnyard command line:

                /usr/local/snort/bin/barnyard -c
/usr/local/snort/barnyard.conf \
                                              -d /usr/local/snort/log \
                                              -w
/usr/local/snort/bin/waldo.chk \
                                              -f snort.binlog \
                                              -g
/usr/local/snort/rules/gen-msg.map \
                                              -s
/usr/local/snort/rules/sid-msg.map


Run results:

                Barnyard Version 0.2.0 (Build 32)
                Opened spool file
'/usr/local/snort/log/snort.binlog.1090597145'
                ERROR: Invalid packet length: 299008
                Read error
                Fatal Error, Quitting..
                Exiting



The number listed as the invalid packet length changes from run to run.

Any suggestions?


- Brian