firnsy / barnyard2

Barnyard2 is a dedicated spooler for Snort's unified2 binary output format.
GNU General Public License v2.0

barnyard2 not read new spool file #250

Closed viniropke99 closed 4 years ago

viniropke99 commented 4 years ago

It does not pick up the snort log files to read. Please, someone help me!!!

sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/barnyard2/ -f snort.u2 -w /var/log/snort/barnyard2.waldo

Running in Continuous mode

    --== Initializing Barnyard2 ==--

Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"

+[ Signature Suppress list ]+

+[No entry in Signature Suppress List]+

+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
INFO database: Defaulting Reconnect/Transaction Error limit to 10
INFO database: Defaulting Reconnect sleep time to 5 second

[CacheSynchronize()],INFO: No system was found in cache (from signature map file), will not process or synchronize informations found in the database

database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database: host = localhost
database: user = snort
database: database name = snort
database: sensor name = vmviniropke99sbtres:NULL
database: sensor id = 1
database: sensor cid = 2
database: data encoding = hex
database: detail level = full
database: ignore_bpf = no
database: using the "alert" facility

    --== Initialization Complete ==--

  __ -> Barnyard2 <-
 / ,,_  \  Version 2.1.14 (Build 337)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/

WARNING: Ignoring corrupt/truncated waldofile '/var/log/snort/barnyard2.waldo'
Waiting for new spool file

FalcoGer commented 4 years ago

Make sure you have the u2 output file directory specified correctly.

-d <dir>   Spool files from <dir>

Make sure snort actually puts its output there. Are you sure it's /var/log/barnyard2/ and not /var/log/snort/?
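The check FalcoGer describes can be scripted. The following is an added example, not code from the barnyard2 project or from anyone in this thread: it reads the `output unified2: filename <prefix>` line from a snort.conf, compares that prefix with what barnyard2 is given via `-f`, and then confirms that files named `<prefix>*` (Snort appends a timestamp, e.g. `snort.u2.1700000000`) exist in the `-d` directory. The directory layout at the bottom is constructed for the demo and mirrors the mismatch in the issue (Snort writing under `/var/log/snort`, barnyard2 pointed at `/var/log/barnyard2`).

```shell
#!/bin/sh
# Added example (not part of barnyard2): verify that the -d directory and
# -f prefix given to barnyard2 match where Snort actually writes unified2.

# unified2_prefix_from_conf CONF
#   Prints the filename prefix from the first "output unified2:" line of a
#   snort.conf (e.g. "snort.u2" from "output unified2: filename snort.u2, limit 128").
#   Prints nothing if no such line exists.
unified2_prefix_from_conf() {
    awk '$1 == "output" && $2 == "unified2:" && $3 == "filename" {
             sub(/,.*/, "", $4); print $4; exit
         }' "$1"
}

# spool_files DIR PREFIX
#   Lists regular files in DIR whose names start with PREFIX.
#   Returns 1 when there are none (barnyard2 would then wait forever).
spool_files() {
    dir=$1; prefix=$2
    found=0
    for f in "$dir"/"$prefix"*; do
        [ -f "$f" ] || continue
        echo "$f"
        found=1
    done
    [ "$found" -eq 1 ]
}

# check_spool CONF DIR PREFIX
#   Returns 0 when snort.conf's prefix equals PREFIX and DIR holds at least
#   one matching spool file; otherwise prints the reason and returns:
#     2 = no unified2 output configured in CONF
#     3 = prefix in CONF differs from PREFIX (barnyard2 -f)
#     4 = no matching files in DIR (barnyard2 -d)
check_spool() {
    conf=$1; dir=$2; prefix=$3
    conf_prefix=$(unified2_prefix_from_conf "$conf")
    if [ -z "$conf_prefix" ]; then
        echo "no 'output unified2:' line in $conf"
        return 2
    fi
    if [ "$conf_prefix" != "$prefix" ]; then
        echo "prefix mismatch: snort.conf writes '$conf_prefix', barnyard2 -f is '$prefix'"
        return 3
    fi
    if ! spool_files "$dir" "$prefix" >/dev/null; then
        echo "no $prefix* files in $dir (is Snort logging to another directory?)"
        return 4
    fi
    echo "ok: $(spool_files "$dir" "$prefix" | wc -l | tr -d ' ') spool file(s) in $dir"
    return 0
}

# Constructed demo layout (not real data): Snort writes to <root>/snort,
# while barnyard2 is pointed at <root>/barnyard2, as in the issue above.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/snort" "$demo_root/barnyard2"
: > "$demo_root/snort/snort.u2.1700000000"
printf 'output unified2: filename snort.u2, limit 128\n' > "$demo_root/snort.conf"

check_spool "$demo_root/snort.conf" "$demo_root/barnyard2" snort.u2 \
    || echo "  -> this is the 'Waiting for new spool file' situation"
check_spool "$demo_root/snort.conf" "$demo_root/snort" snort.u2 \
    || echo "  -> unexpected"
rm -rf "$demo_root"
```

Run it against the real paths (`check_spool /etc/snort/snort.conf /var/log/barnyard2 snort.u2`) before starting barnyard2; a return code of 3 or 4 explains an idle spooler without touching the database or the waldo file.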

viniropke99 commented 4 years ago

Hey, I've already solved the problem. But now I have another problem.

Barnyard2 has IPv6 support, because I compile it in, but when it stores to the database it stores the IPv6 address incorrectly, and in the ip_src field it stores 0. Could you help me?

FalcoGer commented 4 years ago

Open another issue if there is a new problem and close this one. Please write in English.