[Snort-users] Error on db inserts

Clausing, James A (Jim), SOLCM jac at ...1982...
Fri Mar 1 10:59:49 EST 2002


Folks,
	I'm seeing some errors inserting into my PostgreSQL database,
apparently from spp_portscan and spp_anomsensor.  I conclude this by
correlating the following log messages.  I haven't looked at the code to
see if I could fix it (not enough hours in the day), but perhaps someone who
knows the code better than I do can find the problem more quickly.  Note that
this occurs on 1.8.3 and all of the 1.8.4 betas.  From the looks of it, the
problem is not with all of the messages.  For example, most of the SPADE
messages are fine; the errors seem to occur on the 'threshold adjustment
messages'.  From portscan, the errors come on the status and end messages,
but not the 'PORTSCAN DETECTED' messages.  Hopefully, this helps.

---Jim


Mar  1 16:33:52 gauss snort: [ID 702911 local6.info] spp_portscan: PORTSCAN
DETECTED to port 21536 from 63.157.9.149 (STEALTH)
Mar  1 16:33:56 gauss snort: [ID 702911 local6.info] spp_portscan: portscan
status from 63.157.9.149: 1 connections across 1 hosts: TCP(1), UDP(0)
STEALTH
Mar  1 16:33:56 gauss snort: [ID 702911 daemon.error] database:
postgresql_error: ERROR:  Bad timestamp external representation '2002-03-01
16:33:56+71071'
Mar  1 16:34:00 gauss snort: [ID 702911 local6.info] spp_portscan: End of
portscan from 63.157.9.149: TOTAL time(0s) hosts(1) TCP(1) UDP(0) STEALTH
Mar  1 16:34:00 gauss snort: [ID 702911 daemon.error] database:
postgresql_error: ERROR:  Bad timestamp external representation '2002-03-01
16:34:00+249582'


Mar  1 16:40:29 gauss snort: [ID 702911 local6.info] spp_anomsensor:
Threshold adjusted to 10.1959 after 18 alerts (of 4757)
Mar  1 16:40:29 gauss snort: [ID 702911 daemon.error] database:
postgresql_error: ERROR:  Bad timestamp external representation '2002-03-01
16:40:29+71065'
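
Added example, not part of the original post and not Snort code: the correlation described above, run over the post's own log lines (unwrapped), pairing each rejected insert with the preprocessor message logged in the same second. The function name and the offset sanity rule (a numeric UTC offset of at most 15:59) are assumptions made for the illustration.

```python
import re

# Log lines copied from the post above, with the e-mail line wrapping undone.
LOG = """\
Mar  1 16:33:52 gauss snort: [ID 702911 local6.info] spp_portscan: PORTSCAN DETECTED to port 21536 from 63.157.9.149 (STEALTH)
Mar  1 16:33:56 gauss snort: [ID 702911 local6.info] spp_portscan: portscan status from 63.157.9.149: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH
Mar  1 16:33:56 gauss snort: [ID 702911 daemon.error] database: postgresql_error: ERROR:  Bad timestamp external representation '2002-03-01 16:33:56+71071'
Mar  1 16:34:00 gauss snort: [ID 702911 local6.info] spp_portscan: End of portscan from 63.157.9.149: TOTAL time(0s) hosts(1) TCP(1) UDP(0) STEALTH
Mar  1 16:34:00 gauss snort: [ID 702911 daemon.error] database: postgresql_error: ERROR:  Bad timestamp external representation '2002-03-01 16:34:00+249582'
Mar  1 16:40:29 gauss snort: [ID 702911 local6.info] spp_anomsensor: Threshold adjusted to 10.1959 after 18 alerts (of 4757)
Mar  1 16:40:29 gauss snort: [ID 702911 daemon.error] database: postgresql_error: ERROR:  Bad timestamp external representation '2002-03-01 16:40:29+71065'
"""

# syslog prefix, then "<source>: <text>" where source is a preprocessor or "database"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ snort: \[ID \d+ \S+\] (\w+): (.*)$")
BAD_TS = re.compile(r"Bad timestamp external representation '([^']*)'")
# Assumed sanity rule: offset written as +HH, +HHMM or +HH:MM, no larger than 15:59.
SANE_TS = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d[+-](0\d|1[0-5])(:?[0-5]\d)?$")

def correlate(log):
    """Return (failed, no_error): preprocessor messages followed in the same
    second by a rejected insert, and those with no database error after them."""
    failed, no_error, last = [], [], None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, source, text = m.groups()
        if source.startswith("spp_"):
            if last:
                no_error.append(last)      # previous message had no error after it
            last = (when, source, text)
        elif source == "database":
            bad = BAD_TS.search(text)
            if bad and last and last[0] == when:
                ts = bad.group(1)
                failed.append(last + (ts, bool(SANE_TS.match(ts))))
                last = None
    if last:
        no_error.append(last)
    return failed, no_error

if __name__ == "__main__":
    failed, no_error = correlate(LOG)
    for when, source, text, ts, sane in failed:
        print(f"REJECTED {source}: {text[:40]!r} ts={ts!r} sane_offset={sane}")
    for when, source, text in no_error:
        print(f"no error {source}: {text[:40]!r}")
```

On these lines every rejected timestamp fails the offset check, and the only message without a following database error is the 'PORTSCAN DETECTED' one.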



