[Snort-users] Duplicate entry MySQL entries

BShinn at ...4086... BShinn at ...4086...
Thu Nov 15 07:12:04 EST 2001


I am running Snort 1.8.2 (86) on a Debian/Linux machine sending alerts only
to MySQL 3.23.44 on the local machine. The database schema is 104, if that
matters. I keep receiving "Duplicate entry" errors like those shown below,
it does not seem to matter how many sensors I am running (it happens whether
I have 1, 2, or 3 running), the order in which I start them, or the
"sensor_name" variable I use in the snort.conf file. I have rebuilt the
database several times, and have run countless CHECK TABLE  or REPAIR TABLE
commands with no obvious answer. Any suggestions on how I can begin
troubleshooting this? 
 
Bill
 
Here is a sample of the console output from Snort.....
 
database: mysql_error: Duplicate entry '2-10' for key 1
SQL=INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum) VALUES
('2',
'10','3','3','50828')
database: mysql_error: Duplicate entry '2-10' for key 1
SQL=INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver,ip_hlen, ip_tos,
ip_len,
 ip_id, ip_flags, ip_off,ip_ttl, ip_proto, ip_csum) VALUES
('2','10','2886836898
','168099900','4','5','0','56','7730','0','0','128','1','50078')
database: mysql_error: Duplicate entry '2-10' for key 1
SQL=INSERT INTO data (sid,cid,data_payload) VALUES
('2','10','000000004500002460
E500007E1182EF0A05003CAC11A2A20B2D042C00102707')
database: mysql_error: Duplicate entry '2-11' for key 1
SQL=INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum) VALUES
('2',
'11','3','3','50828')
database: mysql_error: Duplicate entry '2-11' for key 1
SQL=INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver,ip_hlen, ip_tos,
ip_len,
 ip_id, ip_flags, ip_off,ip_ttl, ip_proto, ip_csum) VALUES
('2','11','2886836898
','168099900','4','5','0','56','7739','0','0','128','1','50069')
database: mysql_error: Duplicate entry '2-11' for key 1
SQL=INSERT INTO data (sid,cid,data_payload) VALUES
('2','11','000000004500002433
F000007E11AFE40A05003CAC11A2A20B91042C001026A3')
database: mysql_error: Duplicate entry '2-12' for key 1
SQL=INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum) VALUES
('2',
'12','3','3','50828')
database: mysql_error: Duplicate entry '2-12' for key 1
SQL=INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver,ip_hlen, ip_tos,
ip_len,
 ip_id, ip_flags, ip_off,ip_ttl, ip_proto, ip_csum) VALUES
('2','12','2886836898
','168099900','4','5','0','56','7811','0','0','128','1','49997')
database: mysql_error: Duplicate entry '2-12' for key 1
SQL=INSERT INTO data (sid,cid,data_payload) VALUES
('2','12','0000000045000024E7
F200007E11FBE10A05003CAC11A2A20BD9042C0010265B')
database: mysql_error: Duplicate entry '2-13' for key 1
SQL=INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver,ip_hlen, ip_tos,
ip_len,
 ip_id, ip_flags, ip_off,ip_ttl, ip_proto, ip_csum) VALUES
('2','13','2886836898
','168099900','4','5','0','56','8007','0','0','128','1','49801')
database: mysql_error: Duplicate entry '2-13' for key 1
SQL=INSERT INTO data (sid,cid,data_payload) VALUES
('2','13','0000000045000024E9
FC00007E11F9D70A05003CAC11A2A20CB2042C00102582')
database: mysql_error: Duplicate entry '2-14' for key 1
SQL=INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver,ip_hlen, ip_tos,
ip_len,
 ip_id, ip_flags, ip_off,ip_ttl, ip_proto, ip_csum) VALUES
('2','14','2886836898
','168099900','4','5','0','56','8040','0','0','128','1','49768')
database: mysql_error: Duplicate entry '2-14' for key 1
SQL=INSERT INTO data (sid,cid,data_payload) VALUES
('2','14','000000004500002404
FE00007E11DED60A05003CAC11A2A20CCD042C00102567')
database: mysql_error: Duplicate entry '2-15' for key 1
SQL=INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum) VALUES
('2',
'15','3','3','50828')
database: mysql_error: Duplicate entry '2-15' for key 1
SQL=INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver,ip_hlen, ip_tos,
ip_len,
 ip_id, ip_flags, ip_off,ip_ttl, ip_proto, ip_csum) VALUES
('2','15','2886836898
','168099900','4','5','0','56','8167','0','0','128','1','49641')
database: mysql_error: Duplicate entry '2-15' for key 1
SQL=INSERT INTO data (sid,cid,data_payload) VALUES
('2','15','00000000450000242E
0500007E11B5CF0A05003CAC11A2A20E51042C001023E3')
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011115/f5e5979b/attachment.html>


More information about the Snort-users mailing list