When I start barnyard2: /usr/local/barnyard2-1.13/bin/barnyard2 -c /usr/local/barnyard2-1.13/etc/barnyard2.conf -d /var/log/snort -w /var/log/barnyard2/snort_dmz2.log.waldo -vvv -f snort_dmz2.log It starts good. I enabled the general query log and this confirmed it to me.
Oct 28 11:11:32 ids barnyard2:snort: Barnyard2 exiting mysql> SELECT sig_id , sig_name, sig_class_id, sig_priority, sig_rev FROM signature WHERE sig_gid = 139 AND sig_sid = 1; +--------+----------------------------------------------------------+--------------+--------------+---------+ | sig_id | sig_name | I have started up the system/snorts/barnyards that I was testing this on and have launched it so I will see what I can find. This can become a problem when your MySQL database contains records put there by a previous Barnyard2 version. From: John Ives
same for the other interfaces... > Well the pid is not the issue as each instance of barnyard has a different pid file numbered sequentially in the launching script. until the FATAL ERROR hits by2): [email protected]:/var/log/suricata# date; ps aux | grep barn Wed Oct 8 19:53:05 CEST 2014 root 8636 25.1 8.9 135536 91000 ? DELETE FROM sig_reference WHERE sig_id='732' AND ref_seq='ref_seq' AND ref_id='65615'; On Fri, Oct 18, 2013 at 1:30 AM, s-takehana [email protected]: cat /var/log/messages | grep "Duplicate entry" Oct 16 03:32:06 ids barnyard2:suricata: ERROR:
Barnyard2 by itself only generates one connection unless you defined two database output plugins, which could also cause that, especially if both use the same configuration (check that also). Cheers. And even those are really just noise due to the NIC being in promiscuous mode. Supposedly, that is all that is needed. > However, I have not been able to make it work as all but one of the > barnyards will eventually crash. Oct 25 15:44:02 ids barnyard2:snort: Opened spool file '/var/log/snort/snort.log.1382637653' Oct 25 15:44:02 ids barnyard2:snort: ERROR database: Returned signature_id  is not equal to updated signature_id  in [dbSignatureInformationUpdate()] Oct 25 15:44:02
https://groups.google.com/forum/#!searchin/barnyard2-users/%22database$20mysql_error$3 \ A$20Duplicate$20entry%22$20primary On Wed, May 14, 2014 at 9:34 AM, c0re
duplicate entry: barnyard2: FATAL ERROR: database mysql_error: Duplicate entry '857-2' for key 'PRIMARY' SQL=[INSERT INTO sig_reference (ref_id,sig_id,ref_seq) VALUES ('392','857','2');] I can delete this record, but the error comes back with a different From: John Ives
The Snort package on pfSense now generates v2 sid-msg.map files for use by Barnyard2. However, there were apparently some important changes to the way Barnyard2 v1.3 interacts with a MySQL database as https://groups.google.com/d/topic/barnyard2-users/SrFLTCocw0Y Thought it was working after I updated snort and pfsense but the problem returned after an hour. Go to the BARNYARD tab and down in the MySQL DB section on all your I will add this parameter to the Snort GUI page for Barnyard2 so that users experiencing this duplicate entry error can work around it. I think this explains why I have not
Each runs its own instance of Barnyard with 2 different config files: /usr/pbi/snort-i386/etc/snort/snort_6190_em0/barnyard2.conf (WAN) /usr/pbi/snort-i386/etc/snort/snort_42710_em1/barnyard2.conf (LAN) When I start Barnyard2, it creates 2 processes from what I see in the logs: barnyard2: Writing PID "25584" Barnyard2 exiting I have a fresh install of snort, pulledpork and barnyard2. stays up for about 5 minutes and then pukes bmeeks Re: If you are having Barnyard2 troubles with the last Snort update -- try On Mon, Oct 28, 2013 at 9:39 PM, s-takehana [email protected]: Did you clear the entries in sig_reference before testing the test branch?
but then suddenly another Connect arrives (48) which basically does the same queries once again. But restarting Snort Barnyard2 before restarting Suricata Barnyard2 reproduced the problem. But when I start snort, barnyard2 sees new unified2 logs and tries to insert in database and gives Fatal error: Opened spool file '/var/log/snort/snort_dmz2.log.1399902485' 05/12-17:48:05.783972 [**] [124:1:1]
MySQL database storage is InnoDB. Collaborator binf commented Oct 18, 2013 On Fri, Oct 18, 2013 at 6:11 AM, s-takehana [email protected] wrote: I've executed below SQL, but this issue still occurs. some apps have provisions for this while others do not...
From: Jeff Kell