[Snort-users] Re: Errors with simultaneous outputs in database

Muad Dib bizou31 at ...1855...
Thu Jun 23 02:00:01 EDT 2005


I change the user from output database so that each
snort has it's own user name and prevent concurrent
select from the same user

Well, bug is still there, but it's a bit better.

Postgres does not log any error and snort is less
verbose too :

Jun 23 10:52:25 s6 snort: database: warning (SELECT
sig_class_id   FROM sig_class  WHERE sig_class_name =
'suspicious-login') returned more than one result 
Jun 23 10:52:25 s6 snort: database: unable to write
classification 
Jun 23 10:52:25 s6 snort: database: warning (SELECT
sig_id   FROM signature  WHERE sig_name = 'MS-SQL SA
brute force login attempt'    AND sig_rev = 2    AND
sig_sid = 3542 ) returned more than one result 
Jun 23 10:52:25 s6 snort: database: Problem inserting
a new signature 'MS-SQL SA brute force login attempt' 
Jun 23 10:52:25 s6 snort: database: warning (SELECT
ref_system_id   FROM reference_system  WHERE
ref_system_name = 'nessus') returned more than one
result 
Jun 23 10:52:25 s6 snort: database: warning (SELECT
ref_system_id   FROM reference_system  WHERE
ref_system_name = 'nessus') returned more than one
result 
Jun 23 10:52:25 s6 snort: database: Unable to insert
unknown reference tag ('10673') used in rule. 
Jun 23 10:52:25 s6 snort: database: warning (SELECT
ref_system_id   FROM reference_system  WHERE
ref_system_name = 'cve') returned more than one result





	

	
		
___________________________________________________________________________ 
Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger 
Téléchargez cette version sur http://fr.messenger.yahoo.com




More information about the Snort-users mailing list