crice01

Barnyard2: WARNING: Can't extract timestamp from...


Install went OK, but all I get from barnyard2 is:

WARNING: Can't extract timestamp from 'merged.log' using base 'merged.log'

Any ideas how to correct this issue?


The error indicates that Barnyard2 is having an issue with the time stamp on the snort.log file.

Log file name Example: merged.log.1377185664

If there is no time stamp on the d:/winids/log/merged.log file, then check the snort.conf lines below for accuracy.

Original Line(s): # output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
Change to: output unified2: filename merged.log, limit 128


OK, that got me working!

I had: 'output unified2: filename merged.log, limit 128 #, nostamp, mpls_event_types, vlan_event_types' in my snort configuration.

Removing the '#, nostamp, mpls_event_types, vlan_event_types' portion has made everything much happier.

Thanks for your help.

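The two situations reported in the posts above (an active `output unified2` line that carries `nostamp`, and `nostamp` left behind an inline `#`) can be checked with a short script, together with a check of the log directory for file names that lack the numeric suffix. This is an added example, not part of the original thread and not Snort or Barnyard2 code; the function names and the sample configuration are constructed, and flagging `nostamp` after an inline `#` is an assumption based on the report above.

```python
import re

# Constructed sample: the three forms of the line quoted in the thread.
SAMPLE_CONF = """\
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
output unified2: filename merged.log, limit 128 #, nostamp, mpls_event_types, vlan_event_types
output unified2: filename merged.log, limit 128
"""

# Matches only active lines; a line that starts with '#' does not match.
OUTPUT_RE = re.compile(r"^\s*output\s+unified2\s*:(.*)$", re.IGNORECASE)


def audit_unified2(conf_text):
    """Return (line_no, base_name, problem) for each active unified2 output line."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        match = OUTPUT_RE.match(line)
        if not match:
            continue
        args = match.group(1)
        name = re.search(r"filename\s+([^\s,#]+)", args)
        base = name.group(1) if name else None
        # Assumption: 'nostamp' anywhere on an active line is suspect,
        # including after an inline '#', as reported in the thread.
        problem = "nostamp present" if re.search(r"\bnostamp\b", args) else None
        findings.append((line_no, base, problem))
    return findings


def spool_files(names, base):
    """Split names into '<base>.<digits>' files and bare '<base>' files."""
    pattern = re.escape(base) + r"\.\d+"
    stamped = [n for n in names if re.fullmatch(pattern, n)]
    unstamped = [n for n in names if n == base]
    return stamped, unstamped


if __name__ == "__main__":
    for line_no, base, problem in audit_unified2(SAMPLE_CONF):
        print(f"snort.conf line {line_no}: base={base} -> {problem or 'ok'}")
    # Constructed directory listing; on a real sensor use os.listdir(log_dir).
    listing = ["merged.log", "merged.log.1377185664", "alert.ids"]
    stamped, unstamped = spool_files(listing, "merged.log")
    print("stamped:", stamped, "unstamped:", unstamped)
```

A bare `merged.log` in the unstamped list is the file name that appears in the warning quoted at the top of the thread.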

Hi there,

I just upgraded to Snort 2.9.7.3 and I have this issue.  I followed the recommended fix but it didn't resolve the issue.  Anything else it could be?  I was wondering if perhaps it could be that barnyard2 needs to be rebuilt for 2.9.7.3?

Here's my config...

snort.conf

On 5/26/2015 at 8:33 PM, jgreninger said:

Hi there,

I just upgraded to Snort 2.9.7.3 and I have this issue.  I followed the recommended fix but it didn't resolve the issue.  Anything else it could be?  I was wondering if perhaps it could be that barnyard2 needs to be rebuilt for 2.9.7.3?

Here's my config...

snort.conf

 

Not real sure about some of your configurations. It appears you are using an outdated snort.conf file. You will need to retrieve a stock snort.conf and configure. Do not activate the SO rules as they are not compatible with Windows.

Delete all the files in snort/logs prior to restarting.
