Snort + Barnyard2 FATAL ERROR
-
After I enabled Barnyard2 from snort interfaces list I get the error below:
barnyard2[89662]: FATAL ERROR: database [DatabaseInitFinalize()]: CacheSynchronize() call failed ... barnyard2[89662]: [CacheSynchronize()]:, SystemCacheSyncronize() call failed. barnyard2[89662]: [SystemPullDataStore()]: Failed exeuting query [SELECT ref_system_id, ref_system_name FROM reference_system;] , will retryThe reference_system table in snorby is empty and I have:
"Disable synchronization of sig_reference table in schema." Checked -
Have you double-checked and made sure all the DB permissions (and associated user) are correct for all the DB objects? This appears at first glance to indicate an issue over on the database side instead of the Barnyard2 side.
Bill
-
Have you double-checked and made sure all the DB permissions (and associated user) are correct for all the DB objects? This appears at first glance to indicate an issue over on the database side instead of the Barnyard2 side.
Bill
User has all permissions to the database and there are no error logs in MySQL when the user tries to access the database.
-
Got the same error today. Seems to be an error in combination with MariaDB. See also https://github.com/firnsy/barnyard2/issues/178
Unfortunately the barnyard2 package does not seem to be updated with this issue, so no fix there. (http://www.freshports.org/security/barnyard2)
-
Looking at the history of updates and pull request closures, it appears Barnyard2 is not as actively maintained as it once was. I have also noted that the FreeBSD port of Barnyard2 has not been updated either, but this may because there does not seem to be any new official releases of Barnyard2.
Bill
-
Same problem here…. :'(
-
I have abandoned the use of Barnyard2 on my personal firewall due to problems with it. I wish it was more dependable, but the constant problems finally wore out my patience. I was using it with Snorby.
Bill
-
I have abandoned the use of Barnyard2 on my personal firewall due to problems with it. I wish it was more dependable, but the constant problems finally wore out my patience. I was using it with Snorby.
Bill
Not really ontopic but what do u use as a frontend? I looked at www.aanval.com which has it's own proprietary shipping mechanism of the unified2 logs but this only allows for one sensor (really one interface)
-
I have abandoned the use of Barnyard2 on my personal firewall due to problems with it. I wish it was more dependable, but the constant problems finally wore out my patience. I was using it with Snorby.
Bill
Not really ontopic but what do u use as a frontend? I looked at www.aanval.com which has it's own proprietary shipping mechanism of the unified2 logs but this only allows for one sensor (really one interface)
Since it is just my home network firewall, I am not currently sending the log data anywhere. I just periodically review stuff directly on the firewall. I have not investigated using anything else since I dropped Snorby.
Bill
