Posted
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility
 
        --== Initialization Complete ==--
 
  ______   -*> Barnyard2 <*-
 / ,,_    Version 2.1.13 (Build 327)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  © Copyright 2008-2013 Ian Firns <firnsy@securixlive.com>
 
Using waldo file 'd:winidssnortlogbarnyard.waldo':
    spool directory = d:winidssnortlog
    spool filebase  = merged.log
    time_stamp      = 1405511881
    record_idx      = 2
Opened spool file 'd:winidssnortlog/merged.log.1405511881'
Closing spool file 'd:winidssnortlog/merged.log.1405511881'. Read 2 records
Opened spool file 'd:winidssnortlog/merged.log.1405523537'
Waiting for new data
07/16-18:13:59.508457  [**] [129:12:1] stream5: TCP Small Segment Threshold Exceeded [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.253.1:139 -> 192.168.253.131:1035
 
Posted

I'm not sure what you are getting at here.

According to the log files, the Windows Intrusion Detection System (WinIDS) has had one previous run that detected and logged two events (records).

The Windows Intrusion Detection System (WinIDS) has been run again, and has detected one event (the data after the "Waiting for new data" shows data for one event).

At that point, if Barnyard2 was stopped, you should be able to go into the Windows Intrusion Detection System (WinIDS) security console, and there should be a total of three events.

After restarting barnyard2, or rebooting, the barnyard2 terminal window should now show:

record_idx      = 3

Everything is normal...
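Added example (not barnyard2 or WinIDS code) that replays the console output quoted above and applies the arithmetic in the reply: records in the spool file barnyard2 closed (already logged by the earlier run) plus the alert printed after "Waiting for new data" give the event count the security console should show, and each alert line is parsed into its gid:sid:rev, classification, priority, protocol and endpoints. The constructed excerpt keeps the paths exactly as posted and only rejoins the alert line where the console wrapped it.

```python
import re

# Constructed excerpt of the console output quoted above, alert line rejoined.
CONSOLE = """\
Using waldo file 'd:winidssnortlogbarnyard.waldo':
    spool directory = d:winidssnortlog
    spool filebase  = merged.log
    time_stamp      = 1405511881
    record_idx      = 2
Opened spool file 'd:winidssnortlog/merged.log.1405511881'
Closing spool file 'd:winidssnortlog/merged.log.1405511881'. Read 2 records
Opened spool file 'd:winidssnortlog/merged.log.1405523537'
Waiting for new data
07/16-18:13:59.508457  [**] [129:12:1] stream5: TCP Small Segment Threshold Exceeded [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.253.1:139 -> 192.168.253.131:1035
"""
# Fast-style alert: timestamp [**] [gid:sid:rev] msg [**] [Classification] [Priority] {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)
READ_RE = re.compile(r"^Closing spool file '.*'\. Read (?P<n>\d+) records$")
WALDO_RE = re.compile(r"^\s*(time_stamp|record_idx)\s*=\s*(\d+)$")

def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        fields[key] = int(fields[key])
    return fields

def summarize_run(console):
    """Waldo bookmark the run started from, records in spool files it closed
    (already logged by the earlier run), and alerts seen after 'Waiting for new data'."""
    waldo, replayed, new_alerts = {}, 0, []
    for line in console.splitlines():
        if (m := WALDO_RE.match(line)):
            waldo[m.group(1)] = int(m.group(2))
        elif (m := READ_RE.match(line)):
            replayed += int(m.group("n"))
        elif (alert := parse_alert(line)):
            new_alerts.append(alert)
    return {"waldo": waldo, "replayed": replayed, "new": new_alerts,
            "console_total": replayed + len(new_alerts)}
```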

  • 3 months later...
Posted

Has anyone tested Snort/Barnyard etc... on Windows 2008 R2 Datacenter edition?

I tested it on Windows 2012 R2 Standard Edition and it is working, but could not get Alerts to work on Windows 2008 R2 Datacenter edition.
