[Snort-users] snort warnings

Bryan Irvine bryan.irvine at ...9066...
Wed Aug 6 16:10:03 EDT 2003


I've never tried either.  This is really starting to get on my nerves
though.  

I just blew up the DB again (via dropdb), updated the postgresql schema
to the one that came with 2.0.1, and upgraded the version of snort on
both boxes to 2.0.1 and it ran for about 10 minutes without any problems
(I thought it was fixed) but now it's right back to the same old
problems.

AAAAAAARRRRGHHHH!!!!!


Any snort gurus that understand why I'm getting the output listed below
the line?

--Bryan

###########THE LINE##########

# Aug  6 15:38:48 knox3 last message repeated 987 times
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:42:56 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:42:56 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:42:56 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:42:56 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:42:56 knox3 snort: database: unable to write classification 
Aug  6 15:42:56 knox3 snort: database: unable to write classification 

# Aug  6 15:47:20 knox3 snort: database: warning (SELECT sig_class_id
FROM sig_class WHERE  sig_class_name = 'web-application-attack')
returned more than one result 
Aug  6 15:47:20 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:47:20 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:47:20 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:47:20 knox3 snort: database: unable to write classification 
Aug  6 15:47:20 knox3 snort: database: unable to write classification 

# 


On Wed, 2003-08-06 at 14:35, Everist, Benjamin S. (NASWI) wrote:
> well... (helpless shrug) you could uncomment #define DEBUG in
> spo_database.c and recompile...  I've never tried that (and I don't
> speak C) so I don't know what help it might give.
> 
> 
> Benjamin
> 
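
The log in the message above repeats a small number of distinct messages. As an added example (not part of the original post and not Snort code), this Python script rejoins the mail-wrapped syslog records and counts each distinct lookup that "returned more than one result", alongside the follow-on errors. The function names are hypothetical and the embedded sample is constructed from lines in that log.

```python
import re
from collections import Counter

# Constructed sample: records copied from the log above, wrapped as the mailer wrapped them.
SAMPLE = """\
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result
Aug  6 15:40:44 knox3 snort: database: unable to write classification
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey
"""

# A syslog record starts with "Mon DD HH:MM:SS host "; a pasted "# " prompt may precede it.
RECORD_START = re.compile(r"^#?\s*[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\s+\S+\s+")
AMBIGUOUS = re.compile(
    r"warning \(SELECT \w+ FROM (\w+) WHERE (.*?)\s*\) returned more than one result")

def unwrap(text):
    """Rejoin syslog records that were wrapped across several lines."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == "#":
            continue                      # blank line or stray shell prompt
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line     # continuation of the previous record
    return records

def triage(text):
    """Return (ambiguous lookups by (table, key), other database errors) as Counters."""
    lookups, others = Counter(), Counter()
    for rec in unwrap(text):
        parts = rec.split("snort: database: ", 1)
        if len(parts) != 2:
            continue                      # e.g. "last message repeated N times"
        m = AMBIGUOUS.search(parts[1])
        if m:
            lookups[(m.group(1), " ".join(m.group(2).split()))] += 1
        else:
            others[" ".join(parts[1].split())] += 1
    return lookups, others
```

Each key in the first counter names a table and the lookup values for which the database held more than one matching row; the second counter shows the writes that failed.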




