Running Barnyard2 on Ubuntu 14.04 Daemon is supposed to start it up on boot


Connor Borchgrevink

Dec 22, 2015, 5:03:39 PM
to barnyard2-users

I am setting up a Snort IDS box on Ubuntu 14.04 and I used the instructions to install it and configure everything using the documentation on the Snort site. I wrote a daemon and put it in rc.local that was service barnyard2 restart. It ran fine for a few days, then BASE stopped getting anything from the box. I checked to see if barnyard2 was still running and it wasn't. So I ran:

sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort/ -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort

I got the following error message after it completed initialization:

Opened spool file '/var/log/snort/snort.u2.1449777024'
12/10-13:54:22.425028 [**] [128:4:1] ssh: Protocol mismatch [**] [Classification: Detection of a non-standard protocol or event] [Priority: 2] {TCP} 128.194.177.141:33279 -> 128.194.169.30:22
ERROR database: Returned signature_id [665] is not equal to updated signature_id [1176] in [dbSignatureInformationUpdate()] 
[dbProcessSignatureInformation()] Line[1556], call to dbSignatureInformationUpdate failed for : 
[gid :128] [sid: 4] [upd_rev: 1] [upd class: 25] [upd pri 2]
ERROR: [dbProcessSignatureInformation()]: Failed, stoping processing 
Fatal Error, Quitting..
Barnyard2 exiting

I am not quite sure where to go from here. Any help will be incredibly beneficial.

Noah Dietrich

Dec 24, 2015, 3:33:57 AM
to barnyar...@googlegroups.com
Hi Connor,

You might try deleting the MySQL database and re-creating it. You may want to also delete your current Snort log files and the waldo file (you'll lose that data though).

# To remove the logged data:
sudo rm /var/log/snort/*
sudo touch /var/log/snort/barnyard2.waldo
sudo chown snort.snort /var/log/snort/barnyard2.waldo

To delete and re-create the database, you'll want to log into MySQL as root, then use DROP DATABASE snort;
(change 'snort' to the name of your database). More info here: http://www.liquidweb.com/kb/delete-a-mysql-database-on-linux-via-command-line/

Re-create the database the same way you created it, probably something like:

$ mysql -u root -p
mysql> create database snort;
mysql> use snort;
mysql> source ~/snort_src/barnyard2-2-1.14-336/schemas/create_mysql
mysql> CREATE USER 'snort'@'localhost' IDENTIFIED BY 'MySqlSNORTpassword';
mysql> grant create, insert, select, delete, update on snort.* to 'snort'@'localhost';
mysql> exit

or (depending on the version of barnyard2 you are running)

$ mysql -u root -p
mysql> create database snort;
mysql> use snort;
mysql> source ~/snort_src/barnyard2-2-1.13/schemas/create_mysql
mysql> CREATE USER 'snort'@'localhost' IDENTIFIED BY 'MySqlSNORTpassword';
mysql> grant create, insert, select, delete, update on snort.* to 'snort'@'localhost';
mysql> exit

I'm not sure how to fix the error you got, but these steps will help you get around that error and start working again. Note that you will lose any data though, since you're deleting your entire database.

Noah
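The recovery Noah describes (clear the spool directory and waldo bookmark, then drop and rebuild the barnyard2 database) wrapped into reusable shell functions, as an added example that is not from either post in this thread. It assumes the paths and names used above (/var/log/snort, barnyard2.waldo, database snort, user snort) only as defaults that can be overridden, and adds one step the thread does not mention: a mysqldump of the old database before it is dropped, so the events that BASE already showed are not lost for good. The CREATE USER line is deliberately left out of the generated SQL because a MySQL account survives DROP DATABASE; run it from Noah's post only if the account is actually missing.

```sh
#!/bin/sh
# Added example, not the thread's own commands. Default paths/names match
# the posts above; everything else is a parameter.

# Clear the spool directory: remove old unified2 files and the waldo
# bookmark, then recreate an empty waldo owned by the snort user.
#   reset_spool_dir DIR [WALDO_NAME] [OWNER]
reset_spool_dir() {
    dir="$1"; waldo="${2:-barnyard2.waldo}"; owner="${3:-snort}"
    [ -d "$dir" ] || return 1
    # Remove regular files only; leave the directory itself in place.
    for f in "$dir"/*; do
        [ -f "$f" ] && rm -f -- "$f"
    done
    # Truncate/create an empty waldo so barnyard2 starts from a clean bookmark.
    : > "$dir/$waldo"
    # chown only when the account exists (it will not on a test machine).
    if id "$owner" >/dev/null 2>&1; then
        chown "$owner:$owner" "$dir/$waldo"
    fi
    return 0
}

# Print the SQL that drops and rebuilds the barnyard2 schema and re-grants
# the application user. SCHEMA is the create_mysql file from the barnyard2
# source tree (assumed path; pick the one matching your version).
#   rebuild_db_sql DB SCHEMA [USER]
rebuild_db_sql() {
    db="$1"; schema="$2"; user="${3:-snort}"
    printf 'DROP DATABASE IF EXISTS `%s`;\n' "$db"
    printf 'CREATE DATABASE `%s`;\n' "$db"
    printf 'USE `%s`;\n' "$db"
    printf 'SOURCE %s;\n' "$schema"
    printf "GRANT CREATE, INSERT, SELECT, DELETE, UPDATE ON \`%s\`.* TO '%s'@'localhost';\n" \
        "$db" "$user"
}

# Full recovery: back up the old database (addition to the thread's steps),
# rebuild it, then clear the spool. Prompts for the MySQL root password.
#   run_recovery DB SCHEMA [SPOOL_DIR] [BACKUP_FILE]
run_recovery() {
    db="$1"; schema="$2"; spool="${3:-/var/log/snort}"
    backup="${4:-/root/${db}-$(date +%Y%m%d%H%M%S).sql}"
    command -v mysql >/dev/null 2>&1 || { echo "mysql client not found" >&2; return 1; }
    mysqldump -u root -p "$db" > "$backup" || return 1
    rebuild_db_sql "$db" "$schema" | mysql -u root -p || return 1
    reset_spool_dir "$spool"
}

# Example invocation (run as root, after stopping barnyard2):
#   run_recovery snort ~/snort_src/barnyard2-2-1.13/schemas/create_mysql
```

After the rebuild, start barnyard2 with the same command line Connor used; it will create a fresh signature table as events arrive, so the signature_id mismatch has no stale rows to trip over.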

