barnyard2 syslog warnings #76

Closed
snoep opened this Issue Mar 30, 2013 · 11 comments

4 participants

@snoep
snoep commented Mar 30, 2013

I'm running barnyard2 Version 2.1.12 (Build 321) on a Suricata 1.4.1 sensor to an external database, running Ubuntu 12.04 (both machines).

Corresponding config from barnyard2.conf:

config reference_file: /etc/suricata/reference.config
config classification_file: /etc/suricata/classification.config
config gen_file: /etc/suricata/rules/gen-msg.map
config sid_file: /etc/suricata/rules/sid-msg.map
config event_cache_size: 32768
config logdir: /var/log/barnyard2/
config hostname: webserver
config interface: eth0
config alert_with_interface_name
config dump_payload
config waldo_file: /var/log/suricata/suricata.waldo
input unified2
output alert_fast: stdout
output database: log, mysql, dbname= user= password= host=

Syslog is full of the error messages below. I know it's a warning; however, I cannot judge whether that means I'm missing data.

I have been digging around in the docs, to no avail for a proper solution.

Mar 30 16:54:02 web barnyard2[26331]: WARNING database [Database()]: Called with Event[0x4bf5dc0] Event Type 72acket [0x0], information has not been outputed.
Mar 30 16:54:02 web barnyard2[26331]: WARNING database [Database()]: Called with Event[0x0] Event Type 0acket [0x4e261e0], information has not been outputed.
Mar 30 16:54:02 web barnyard2[26331]: WARNING database [Database()]: Called with Event[0x4bf5e50] Event Type 72acket [0x0], information has not been outputed.
Mar 30 16:54:02 web barnyard2[26331]: WARNING database [Database()]: Called with Event[0x0] Event Type 0acket [0x4e261e0], information has not been outputed.

@snoep
snoep commented Mar 30, 2013

Hmm. On this sensor I'm running IPv6. Dropped packets in the barnyard2 output match the IPv6 counter.

Any clue on when IPv6 is available/working in barnyard2?

Thanks

@binf
Collaborator
binf commented Mar 30, 2013
@snoep
snoep commented Mar 30, 2013
@binf
Collaborator
binf commented Apr 7, 2013

can close the issue.

@firnsy firnsy closed this Apr 8, 2013
@binf
Collaborator
binf commented May 11, 2014
@mattulm
mattulm commented Oct 16, 2014

@binf
Did you ever get a solution to this?
I have the same issue with snort as well.

@snoep
snoep commented Oct 16, 2014
@mattulm
@snoep
snoep commented Oct 16, 2014
@mattulm
@binf
Collaborator
binf commented Oct 17, 2014