Snort mailing list archives

Snort 2.9.3.1 / Barnyard2 2.1.9 Problem


From: "Berndt, Achim" <aberndt () studio-hamburg de>
Date: Mon, 20 Aug 2012 06:59:59 +0000

Hi,

I have installed the new version of snort and tried to log to mysql via barnyard2.
Unfortunately, barnyard2 crashes every time it reads the merged unified2 logfile.
The following messages appear in the messages logfile:

Aug 20 08:56:46 ids1 barnyard2: Log directory = /var/log/barnyard2
Aug 20 08:56:46 ids1 barnyard2: Initializing daemon mode
Aug 20 08:56:46 ids1 barnyard2: Daemon parent exiting
Aug 20 08:56:46 ids1 barnyard2: Daemon initialized, signaled parent pid: 20379
Aug 20 08:56:46 ids1 barnyard2: PID path stat checked out ok, PID path set to /var/run/
Aug 20 08:56:46 ids1 barnyard2: Writing PID "20382" to file "/var/run//barnyard2_eth0.pid"
Aug 20 08:56:47 ids1 barnyard2: database: inconsistent cid information for sid=11
Aug 20 08:56:47 ids1 barnyard2:           Recovering by rolling forward the cid=1
Aug 20 08:56:47 ids1 barnyard2: database: compiled support for (mysql)
Aug 20 08:56:47 ids1 barnyard2: database: configured to use mysql
Aug 20 08:56:47 ids1 barnyard2: database: schema version = 107
Aug 20 08:56:47 ids1 barnyard2: database:           host = localhost
Aug 20 08:56:47 ids1 barnyard2: database:           user = SnortLogUser
Aug 20 08:56:47 ids1 barnyard2: database:  database name = SnortLog
Aug 20 08:56:47 ids1 barnyard2: database:    sensor name = ids1:eth0
Aug 20 08:56:47 ids1 barnyard2: database:      sensor id = 11
Aug 20 08:56:47 ids1 barnyard2: database:     sensor cid = 2
Aug 20 08:56:47 ids1 barnyard2: database:  data encoding = hex
Aug 20 08:56:47 ids1 barnyard2: database:   detail level = full
Aug 20 08:56:47 ids1 barnyard2: database:     ignore_bpf = no
Aug 20 08:56:47 ids1 barnyard2: database: using the "log" facility
Aug 20 08:56:47 ids1 barnyard2:
Aug 20 08:56:47 ids1 barnyard2:         --== Initialization Complete ==--
Aug 20 08:56:47 ids1 barnyard2: Barnyard2 initialization completed successfully (pid=20382)
Aug 20 08:56:47 ids1 barnyard2: Using waldo file '/var/log/snort/barnyard2.waldo':#012    spool directory = /var/log/snort#012    spool filebase  = snort.unified2#012    time_stamp      = 1345395953#012    record_idx      = 2
Aug 20 08:56:47 ids1 barnyard2: Opened spool file '/var/log/snort/snort.unified2.1345395953'
Aug 20 08:56:47 ids1 kernel: [238651.810367] barnyard2[20382] general protection ip:413727 sp:7fffc55d6660 error:0 in barnyard2[400000+32000]

Any ideas?

Regards
Achim
-------------------------
Achim Berndt
System & Network Administration
IT-Services

Studio Hamburg GmbH
Jenfelder Allee 80 | Haus PM
22039 Hamburg
Phone: +49 (40) 6688-3177
Fax: +49 (40) 6688-5577

aberndt () studio-hamburg de<mailto:aberndt () studio-hamburg de>
www.studio-hamburg.de<http://www.studio-hamburg.de>
-------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net