I am setting up a Snort IDS box on Ubuntu 14.04, and I used the instructions on the Snort site to install and configure everything. I wrote a daemon and put it in rc.local that ran service barnyard2 restart. It ran fine for a few days, then BASE stopped getting anything from the box. I checked to see if barnyard2 was still running and it wasn't. So I ran:
sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort/ -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort
I got the following error message after it completed initialization:
Opened spool file '/var/log/snort/snort.u2.1449777024'
12/10-13:54:22.425028 [] [128:4:1] ssh: Protocol mismatch [] [Classification: Detection of a non-standard protocol or event] [Priority: 2] {TCP} 128.194.177.141:33279 -> 128.194.169.30:22
ERROR database: Returned signature_id [665] is not equal to updated signature_id [1176] in [dbSignatureInformationUpdate()]
[dbProcessSignatureInformation()] Line[1556], call to dbSignatureInformationUpdate failed for : [gid :128] [sid: 4] [upd_rev: 1] [upd class: 25] [upd pri 2]
ERROR: [dbProcessSignatureInformation()]: Failed, stoping processing
Fatal Error, Quitting..
Barnyard2 exiting
I am not quite sure where to go from here. Any help will be incredibly beneficial.
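Added example, not from the post or from barnyard2 itself: a small Python checker that scans barnyard2 output for the signature_id mismatch and fatal exit quoted above, so a cron job or monitoring script can flag the condition instead of BASE silently going quiet for days. The sample log is constructed from the lines in the question; the regexes assume barnyard2 keeps that exact message wording.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the barnyard2 output quoted in the question.
SAMPLE_LOG = """\
Opened spool file '/var/log/snort/snort.u2.1449777024'
12/10-13:54:22.425028 [**] [128:4:1] ssh: Protocol mismatch [**] [Priority: 2] {TCP} 128.194.177.141:33279 -> 128.194.169.30:22
ERROR database: Returned signature_id [665] is not equal to updated signature_id [1176] in [dbSignatureInformationUpdate()]
[dbProcessSignatureInformation()] Line[1556], call to dbSignatureInformationUpdate failed for : [gid :128] [sid: 4] [upd_rev: 1] [upd class: 25] [upd pri 2]
ERROR: [dbProcessSignatureInformation()]: Failed, stoping processing
Fatal Error, Quitting..
Barnyard2 exiting
"""

# Assumed message formats, taken from the lines shown in the question.
MISMATCH_RE = re.compile(
    r"Returned signature_id \[(\d+)\] is not equal to updated signature_id \[(\d+)\]")
FAILED_FOR_RE = re.compile(
    r"failed for : \[gid :(\d+)\] \[sid: (\d+)\] \[upd_rev: (\d+)\]")


@dataclass
class SignatureMismatch:
    returned_sig_id: int
    updated_sig_id: int
    gid: Optional[int] = None
    sid: Optional[int] = None
    rev: Optional[int] = None


def find_signature_mismatches(log_text: str) -> List[SignatureMismatch]:
    """Collect every database signature_id mismatch barnyard2 reported.

    The 'Returned ... updated' line and the 'failed for : [gid ...]' line come
    as a pair, so the gid/sid/rev line is attached to the mismatch just before it.
    """
    found: List[SignatureMismatch] = []
    for line in log_text.splitlines():
        m = MISMATCH_RE.search(line)
        if m:
            found.append(SignatureMismatch(int(m.group(1)), int(m.group(2))))
            continue
        f = FAILED_FOR_RE.search(line)
        if f and found and found[-1].gid is None:
            found[-1].gid, found[-1].sid, found[-1].rev = (int(x) for x in f.groups())
    return found


def barnyard2_exited_fatally(log_text: str) -> bool:
    """True when the output shows barnyard2 aborted, i.e. BASE will stop receiving events."""
    return "Fatal Error, Quitting" in log_text or "Barnyard2 exiting" in log_text
```

Run it over the barnyard2 log (or captured stdout) from a watchdog; a non-empty mismatch list plus a fatal exit is the signature of the failure described above, and the gid/sid it reports is the rule whose signature table row disagrees with the database.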