[Snort-users] barnyard log and alert data issues

Jason snort-users at ...2977...
Wed Sep 17 04:45:03 EDT 2003


Could someone post their barnyard config files (someone logging both
alerts and logs)? I seem to be having an issue. When running two
instances of barnyard, one always seems to crap out on me when it hits a
duplicate key (which is what it should do; however, I cannot seem to
prevent the duplicate keys).
Below is the error and the conf files. Most options (daemon mode etc.) are
started from the command line; each instance uses its own pid and waldo
file.

Sep 16 14:20:08 snortdmz barnyard: FATAL ERROR: Error (Duplicate entry '3-5882' for key 1) executing query: INSERT INTO event(sid, cid, signature, timestamp) VALUES('3', '5882', '40', '2003-09-16 14:05:21 -0400')

Barnyard conf no 1:
-------------------
snortdmz# more barnyard.conf.alert
#config daemon
config localtime
config hostname: snort.dmz
config interface: fxp0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
output alert_fast
output log_dump
#output alert_syslog
#output log_pcap
output alert_acid_db: mysql, sensor_id 4, database snort_log, server 127.0.0.1, user snort, password *****
#output log_acid_db: mysql, database snort_log, server 127.0.0.1, user snort,password *****,  detail full

Barnyard conf no 2:
-------------------
snortdmz# more barnyard.conf.log
#config daemon
config localtime
config hostname: snort.dmz
config interface: fxp0
config filter: not port 22
processor dp_alert
processor dp_log
processor dp_stream_stat
#output alert_fast
#output log_dump
#output alert_syslog
#output log_pcap
#output alert_acid_db: mysql, sensor_id 3, database snort_log, server 127.0.0.1, user snort, password *****
output log_acid_db: mysql, database snort_log, server 127.0.0.1, user snort,password *****,  detail full
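
An added example, not part of the original post and not barnyard code: it extracts the colliding (sid, cid) from the quoted syslog line and lists which active `*_acid_db` outputs in the two quoted configs write to the same database, and whether each sets an explicit `sensor_id`. The embedded log and config text are reconstructed from the post with wrapped lines rejoined; all function names are hypothetical.

```python
import re

# Constructed from the syslog line and configs quoted in the post
# (wrapped lines rejoined, passwords left masked as posted).
SYSLOG = ("Sep 16 14:20:08 snortdmz barnyard: FATAL ERROR: Error (Duplicate entry "
          "'3-5882' for key 1) executing query: INSERT INTO event(sid, cid, "
          "signature, timestamp) VALUES('3', '5882', '40', '2003-09-16 14:05:21 -0400')")
DB = "database snort_log, server 127.0.0.1, user snort, password *****"
CONFS = {
    "barnyard.conf.alert": f"output alert_acid_db: mysql, sensor_id 4, {DB}\n"
                           f"#output log_acid_db: mysql, {DB}, detail full\n",
    "barnyard.conf.log": f"#output alert_acid_db: mysql, sensor_id 3, {DB}\n"
                         f"output log_acid_db: mysql, {DB}, detail full\n",
}

def duplicate_keys(log_text):
    """(sid, cid) pairs named in barnyard duplicate-key errors."""
    pairs = re.findall(r"Duplicate entry '(\d+)-(\d+)' for key", log_text)
    return [(int(sid), int(cid)) for sid, cid in pairs]

def active_db_outputs(conf_text):
    """[(plugin, options)] for each uncommented *_acid_db output line."""
    found = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*output\s+(\w+_acid_db)\s*:\s*(.*)", line)
        if not m:
            continue  # '#'-prefixed lines never match, so comments are skipped
        opts = {}
        for item in m.group(2).split(","):
            key, _, value = item.strip().partition(" ")
            if key:
                opts[key] = value.strip()
        found.append((m.group(1), opts))
    return found

def db_writers(confs):
    """(database, server) -> [(conf file, plugin, explicit sensor_id or None)]."""
    writers = {}
    for name, text in confs.items():
        for plugin, opts in active_db_outputs(text):
            sid = int(opts["sensor_id"]) if opts.get("sensor_id") else None
            target = (opts.get("database"), opts.get("server"))
            writers.setdefault(target, []).append((name, plugin, sid))
    return writers

def pinned_by(sid, confs):
    """Active outputs whose config explicitly sets this sensor_id."""
    return [w for ws in db_writers(confs).values() for w in ws if w[2] == sid]

if __name__ == "__main__":
    for sid, cid in duplicate_keys(SYSLOG):
        print(f"collision on sid={sid} cid={cid}; pinned by: {pinned_by(sid, CONFS)}")
```

On the quoted input, both instances write to `snort_log` on `127.0.0.1`, only the alert instance sets a `sensor_id` (4), and no active output sets `sensor_id 3`, the sid named in the error.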





