Snort mailing list archives

barnyard failing to start upon pulled pork update


From: "wgm-it" <at () wgm-it com>
Date: Fri, 8 Apr 2016 16:51:23 +0200

Hi,

Some problems starting Barnyard2 with a new Snort 2.9.8.2 installation.

Step 1

sudo /usr/local/bin/snort -u snort -g snort -c /etc/snort/snort.conf -i eth0 -D

OK

Step 2

sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort -D

OK

Step 3

mysql -u snort -p -D snort -e "select count(*) from event"

OK - the number of MySQL events increases (e.g. after a ping)

Step 4

Kill snort process

Kill barnyard2 process

Step 5

sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l

Errors when generating Stub Rules

Step 6

sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort -D

barnyard2 hangs for 2 minutes

Step 7

mysql -u snort -p -D snort -e "select count(*) from event"

The number of MySQL events remains constant (e.g. after a ping)

Thanks a lot in advance for your cooperation.

Best regards

Alexej Teplitsky

Attachment: 1. barnyard2_log before rules update.txt
Attachment: 2. barnyard2_log after rules update.txt
Attachment: 3. pulledpork_log.txt
Attachment: 4. snort.conf
Attachment: 5. barnyard2.conf
Attachment: 6. pulledpork.conf
