Invalid packet length: msg#00003
security.ids.snort.barnyard.user
I'm running BY on OpenBSD 3.7 (ultra 5 / sparc64) along with one instance of snort. When I start BY it fails with "ERROR: Invalid packet length: nnnnn". I've deleted the unified log several times and still get the same message. The NIC is an Intel PRO/1000MT (82545EM) that seems to work flawlessly. I'm not seeing any errors in dmesg or /var/log/messages. Startup, dry run and by.conf are below.

Thoughts?

Thanks,
-Dusty

#####

sh# /usr/local/bin/barnyard -c /etc/nsm/barnyard.conf -d /nsm -p /etc/nsm/classification.config -g /etc/nsm/gen-msg.map -s /etc/nsm/sid-msg.map -f betty_unified -w /nsm/waldo.file -X /nsm/run/barnyard.pid
Barnyard Version 0.2.0 (Build 32)
Opened spool file '/nsm/betty_unified.1122408003'
OpSguil_Start
ERROR: Invalid packet length: 1179661
Read error
Fatal Error, Quitting..
Exiting

#####

Dry run mode:

Barnyard Version 0.2.0 (Build 32)
Program Variables:
Continual processing mode
Config dir: /etc/nsm
Config file: /etc/nsm/barnyard.conf
Sid-msg file: /etc/nsm/sid-msg.map
Gen-msg file: /etc/nsm/gen-msg.map
Class file: /etc/nsm/classification.config
Hostname: betty
Interface: em0
BPF Filter: not port 22
Log dir: /var/log/snort
Verbosity: 0
Localtime: 0
Spool dir: /nsm
Spool file: betty_unified
Bookmark file: /nsm/waldo.file
Record Number: 0
Timet: 0
Start at end: 0

Output plugins enabled for 'alert' records
-------------------------------------------------------
None configured
=======================================================
Output plugins enabled for 'log' records
-------------------------------------------------------
OpSguil configured
=======================================================
Output plugins enabled for 'stream_stat' records
-------------------------------------------------------
None configured
=======================================================

#####

barnyard.conf:

config hostname: betty
config interface: em0
config filter: not port 22
output sguil: mysql, sensor_id 0, database sguildb....