barnyard2
Found message WARNING database [Database()]: Called with Event[0x0]
Could you please help me check the error message below? I have tried to solve it by deleting the waldo file, the snort log file and the tcp-dump-log, but I still get this message. Please kindly guide me: how can I solve it? Or is it possible to disable barnyard2 message logging?

```
Mar 23 09:54:47 ips00 barnyard2: WARNING database [Database()]: Called with Event[0x0] Event Type [0] (P)acket [0x2b0c600], information has not been outputed.
Mar 23 09:54:47 ips00 barnyard2: WARNING database [Database()]: Called with Event[0x0] Event Type [0] (P)acket [0x2b0c600], information has not been outputed.
Mar 23 09:54:47 ips00 barnyard2: WARNING database [Database()]: Called with Event[0x0] Event Type [0] (P)acket [0x2b0c600], information has not been outputed
```

Thank you very much
Here is the output config:

*barnyard2.conf*

```
output alert_full
output log_tcpdump: tcpdump.log
output database: log, mysql, user=snort password=xxxxx dbname=snorby host=localhost
```

*snort.conf*

```
output unified2: filename snort.u2
```

In your snort.conf you should use the unified2 output directive,
e.g. `output unified2: xxxxxxx` and not `output log_unified2` or `output alert_unified2`. Then stop snort, delete your old unified2 file and restart snort.
-elz
On Tue, Mar 24, 2015 at 5:39 AM, masterob1 wrote:

> Could you please help me check the error message below? I have tried to solve it by deleting the waldo file, the snort log file and the tcp-dump-log, but I still get this message. Please kindly guide me: how can I solve it?
>
> Mar 23 09:54:47 ips00 barnyard2: WARNING database [Database()]: Called with Event[0x0] Event Type [0] (P)acket [0x2b0c600], information has not been outputed.
> Mar 23 09:54:47 ips00 barnyard2: WARNING database [Database()]: Called with Event[0x0] Event Type [0] (P)acket [0x2b0c600], information has not been outputed.
> Mar 23 09:54:47 ips00 barnyard2: WARNING database [Database()]: Called with Event[0x0] Event Type [0] (P)acket [0x2b0c600], information has not been outputed
>
> Thank you very much

Thank you very much for your reply. Currently, I am using "output unified2: filename snort.u2" in the snort configuration file and I followed the method you recommended. After running the server for a while, I still found the same problem after I stopped snort, deleted the old unified2 file and restarted snort.
However, I tried increasing barnyard's cache size to "60960" and did as you recommended again. This problem is solved. Thank you very much. But I'm not sure, is it the correct way or not? Here is my configuration in barnyard2.conf: "config event_cache_size: 60960"
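One way to check whether a unified2 spool contains packet records whose event would already have left a cache of a given size, which is the no-event, packet-present case the warning prints (added example, not part of the original thread and not barnyard2 code). It assumes the standard unified2 layout (big-endian type/length header, `sensor_id` and `event_id` first in the body, type 2 for packets, 7/72/104/105 for events) and models the cache as oldest-first eviction, which is a simplification; the sample bytes are constructed.

```python
import struct
from collections import OrderedDict

# Unified2 record types: packet, and the IDS event variants (IPv4/IPv6, v1/v2).
U2_PACKET = 2
U2_EVENTS = {7, 72, 104, 105}

def iter_records(buf):
    """Yield (record_type, body) for each complete record in a unified2 buffer."""
    off = 0
    while off + 8 <= len(buf):
        rtype, rlen = struct.unpack_from(">II", buf, off)
        body = buf[off + 8 : off + 8 + rlen]
        if len(body) < rlen:          # truncated tail: file is still being written
            break
        yield rtype, body
        off += 8 + rlen

def orphan_packets(buf, cache_size):
    """Return (sensor_id, event_id) of packets whose event is not in the cache."""
    cache = OrderedDict()             # assumed model: oldest event evicted first
    orphans = []
    for rtype, body in iter_records(buf):
        if len(body) < 8:
            continue
        key = struct.unpack_from(">II", body, 0)   # (sensor_id, event_id)
        if rtype in U2_EVENTS:
            cache[key] = True
            cache.move_to_end(key)
            while len(cache) > cache_size:
                cache.popitem(last=False)
        elif rtype == U2_PACKET and key not in cache:
            orphans.append(key)
    return orphans

def _rec(rtype, sensor_id, event_id, pad=20):
    """Build a constructed record: header + sensor_id + event_id + zero padding."""
    body = struct.pack(">II", sensor_id, event_id) + bytes(pad)
    return struct.pack(">II", rtype, len(body)) + body

# Constructed sample: three events, then a late packet for the first event.
SAMPLE = (_rec(7, 1, 100) + _rec(2, 1, 100) + _rec(7, 1, 101) +
          _rec(7, 1, 102) + _rec(2, 1, 100))

if __name__ == "__main__":
    for size in (2, 60960):           # 60960 is the value quoted in the thread
        print(size, orphan_packets(SAMPLE, size))
```
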
Hi, I have the same issue; I'm using Barnyard2 with Suricata. In the Suricata configuration file the output is set like:

```
- unified2-alert:
    enabled: yes
    filename: unified2.alert
```

I need help, I've been stuck on this issue for 5 days now.
This problem is not caused by the output unified2: setting. I recommend that you decrease the session timeout and the maximum packet size in snort.conf. This problem has been solved by tuning the preprocessors part of snort.conf. It depends on your server performance; you need to tune it.
Thank you masterob1 for your reply. I'm using Suricata (not a big difference from snort). To tune it I've enabled max-pending-packets and set it to 1024. I'm now looking for the session timeout option in suricata.yaml; if I find it I'll modify it and let you know. Thank you