snort-users May 2009 archive

Re: [Snort-users] Barnyard2 on OS X

From: firnsy <firnsy_at_nospam>
Date: Sun May 10 2009 - 11:45:54 GMT
To: "'James Lay'" <jlay@slave-tothe-box.net>


G’day James,

I can understand your frustration with Snort/Barnyard2 and mysql as it can be a real beast at the best of times.

We will take this latest report and attempt to track down the problem indicated. One little piece of information that I am unable to glean from this is the actual barnyard version you were using; I'm guessing it was the latest beta3.

- firnsy

From: James Lay [mailto:jlay@slave-tothe-box.net]
Sent: Saturday, 9 May 2009 11:24 PM
To: Snort
Subject: [Snort-users] Barnyard2 on OS X

Well..not sure what happened...everything was running well, but now I get:

Process: barnyard2 [19515]
Path: /usr/local/bin/barnyard2
Identifier: barnyard2
Version: ??? (???)
Code Type: X86 (Native)
Parent Process: bash [19369]

Date/Time: 2009-05-09 07:46:56.727 -0600
OS Version: Mac OS X Server 10.5.6 (9G55)
Report Version: 6

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x000000000000000c
Crashed Thread: 0

Thread 0 Crashed:
0 barnyard2 0x0001cae4 Database + 228 (_OSByteOrder.h:59)
1 barnyard2 0x00012eba CallOutputPlugins + 90 (plugbase.c:557)
2 barnyard2 0x000142cc spoolerProcessRecord + 460 (spooler.c:709)
3 barnyard2 0x0001486a ProcessContinuous + 1162 (spooler.c:501)
4 barnyard2 0x00003bee BarnyardMain + 2286 (barnyard2.c:560)
5 barnyard2 0x00003ea8 main + 24 (barnyard2.c:236)
6 barnyard2 0x00001c56 start + 54

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x00807400 ebx: 0x0001ca0b ecx: 0xfffffffa edx: 0x00000000
edi: 0x00101700 esi: 0x00000000 ebp: 0xbffff928 esp: 0xbffff7d0
ss: 0x0000001f efl: 0x00010206 eip: 0x0001cae4 cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
cr2: 0x0000000c

Binary Images:
0x1000 - 0x26fff +barnyard2 ??? (???) <7a21a85d7bc67512b33a2482af175f31> /usr/local/bin/barnyard2
0x77000 - 0x9fff7 +libmysqlclient.15.dylib ??? (???) /usr/local/mysql/lib/mysql/libmysqlclient.15.dylib
0x8fe00000 - 0x8fe2db43 dyld 97.1 (???) <100d362e03410f181a34e04e94189ae5> /usr/lib/dyld
0x92e97000 - 0x92ea5ffd libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib
0x952cf000 - 0x952d6fe9 libgcc_s.1.dylib ??? (???) <f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib
0x95352000 - 0x95356fff libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib
0x96533000 - 0x9669aff3 libSystem.B.dylib ??? (???) <d68880dfb1f8becdbdac6928db1510fb> /usr/lib/libSystem.B.dylib
0xffff0000 - 0xffff1780 libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib

I’ve all but given up on using snort with mysql...too much stuff to do when all I really want to see (at least here at home) is the syslog and pcap file. FYIW I guess.

James


