Re: [barnyard2] barnyard2 syslog warnings (#76)


beenph

Mar 30, 2013, 4:35:56 PM
to firnsy/barnyard2, firnsy/barnyard2, barnyar...@googlegroups.com, barnyar...@googlegroups.com
On Sat, Mar 30, 2013 at 12:20 PM, snoep <notifi...@github.com> wrote:
>
> I'm running barnyard2 Version 2.1.12 (Build 321) on a suricata 1.4.1 sensor to an external database, running ubuntu 12.04 (both machines)
>
> Corresponding config from barnyard2.conf
>
> config reference_file: /etc/suricata/reference.config
> config classification_file: /etc/suricata/classification.config
> config gen_file: /etc/suricata/rules/gen-msg.map
> config sid_file: /etc/suricata/rules/sid-msg.map
> config event_cache_size: 32768
> config logdir: /var/log/barnyard2/
> config hostname: webserver
> config interface: eth0
> config alert_with_interface_name
> config dump_payload
> config waldo_file: /var/log/suricata/suricata.waldo
> input unified2
> output alert_fast: stdout
> output database: log, mysql, dbname= user= password= host=
>
> syslog is full of the error messages below. I know it's a warning, however I cannot judge if that means I'm missing data
>
> I have been digging around in the docs, to no avail for a proper solution.
>
> Mar 30 16:54:02 web barnyard2[26331]: WARNING database [Database()]: Called with Event[0x4bf5dc0] Event Type 72acket [0x0], information has not been outputed.
> Mar 30 16:54:02 web barnyard2[26331]: WARNING database [Database()]: Called with Event[0x0] Event Type 0acket [0x4e261e0], information has not been outputed.
> Mar 30 16:54:02 web barnyard2[26331]: WARNING database [Database()]: Called with Event[0x4bf5e50] Event Type 72acket [0x0], information has not been outputed.
> Mar 30 16:54:02 web barnyard2[26331]: WARNING database [Database()]: Called with Event[0x0] Event Type 0acket [0x4e261e0], information has not been outputed.
>

WARNING database [Database()]: Called with Event[0xFFFFFFFF] Event
Type XX Packet [0x0], information has not been outputed.

Means that an event was logged without a packet. This will generally
happen when the cache is flushed, to make space for new events,
on events that have not been logged before.

WARNING database [Database()]: Called with Event[0x0] Event Type XX
Packet [0xFFFFFFFF], information has not been outputed.

Means that a packet without an event was processed and it was sent to
the output plugin.

In both contexts you're exposing above, it concerns UNIFIED2_IDS_EVENT_IPV6 72.

Barnyard2 and the current database schema do not support IPv6. A new
spooler is in the works and a new schema also
(that is not backward compatible with current UI or existing tools).

Unfortunately no date can be bound for those features for now.

Hoping this answers some of your questions.

-elz
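
As an added example (not part of the original thread and not barnyard2 code): a small Python triage script that sorts these syslog warnings into the two cases described in the reply above and tallies them by event type, so the share tied to type 72 is visible. The regular expression and the sample lines are assumptions built from the message forms shown on this page.

```python
import re
from collections import Counter

UNIFIED2_IDS_EVENT_IPV6 = 72  # value named in the reply above

# Assumption: accepts "Event Type 72 Packet [0x0]" (form used in the reply)
# and "Event Type 72acket [0x0]" (form of the quoted syslog lines on this page).
WARN_RE = re.compile(
    r"WARNING database \[Database\(\)\]: Called with "
    r"Event\[0x(?P<event>[0-9a-fA-F]+)\]\s+Event Type\s*(?P<etype>\d+)\s*"
    r"P?acket\s*\[0x(?P<packet>[0-9a-fA-F]+)\]"
)

def classify(line):
    """Return (kind, event_type) for a Database() warning, else None."""
    m = WARN_RE.search(line)
    if not m:
        return None
    event, packet = int(m["event"], 16), int(m["packet"], 16)
    if event and not packet:
        kind = "event_without_packet"   # event logged, no packet attached
    elif packet and not event:
        kind = "packet_without_event"   # packet reached the plugin alone
    else:
        kind = "other"
    return kind, int(m["etype"])

def summarize(lines):
    """Count warnings per (kind, event_type); non-matching lines are skipped."""
    return Counter(r for r in map(classify, lines) if r)

def ipv6_event_warnings(counts):
    """Warnings for events of type 72 that were logged without a packet."""
    return counts[("event_without_packet", UNIFIED2_IDS_EVENT_IPV6)]

# Constructed sample lines (host name, PID and pointer values are made up).
SAMPLE = [
    "Mar 30 16:54:02 sensor barnyard2[1000]: WARNING database [Database()]: "
    "Called with Event[0x1a2b3c0] Event Type 72 Packet [0x0], information has not been outputed.",
    "Mar 30 16:54:02 sensor barnyard2[1000]: WARNING database [Database()]: "
    "Called with Event[0x0] Event Type 0acket [0x4d5e6f0], information has not been outputed.",
    "Mar 30 16:54:03 sensor barnyard2[1000]: WARNING database [Database()]: "
    "Called with Event[0x1a2b450] Event Type 72acket [0x0], information has not been outputed.",
    "Mar 30 16:54:03 sensor sshd[2000]: Accepted publickey for admin",
]

if __name__ == "__main__":
    counts = summarize(SAMPLE)
    for (kind, etype), n in sorted(counts.items()):
        print(f"{kind:22} type={etype:<3} count={n}")
    print("type 72 events without packet:", ipv6_event_warnings(counts))
```
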

Michel Renard

May 11, 2014, 11:30:05 AM
to barnyar...@googlegroups.com, firnsy/barnyard2, firnsy/barnyard2, barnyar...@googlegroups.com
Hello,
I have the same problem as snoep.
Starting from version 2.1.13, and with the IPV6 option enabled at install, I still have the error in the log messages. How can I get rid of it?
Thank you for your help,
Michel