[Snort-users] [barnyard2-users] Fatal error after upgrading barnyard2
beenph at ...11827...
Sat Sep 29 11:45:04 EDT 2012
>> Re-Hoi Miguel,
>> Was this message taken from the system syslog?
>> And did you have previous message that would complement the following?
>> We added some verbosity and i find it curious that there is no
>> companion message. (failed execution path)
> You're right, I apologise, that was not the complete message. It is:
> Sep 29 04:13:03 nids12 barnyard2: FATAL ERROR: database
> mysql_error: Duplicate entry '6-217828' for key 'PRIMARY'
> SQL=[INSERT INTO event (sid,cid,signature,timestamp) VALUES
> (6, 217828, 36, '2012-09-29 04:13:02');]
Well the only way i can see that a by2 process would be re-using the same
event_id, is that there would be some colision on sensor_id.
2-1.10 at initialization will query every table to get the latest
event id, and increment it,
update the sensor table and start inserting.
Every db call in 2-1.10 is isolated in a transaction, thus if this
happen it means that something else with the same sensor_id
inserted before failing transaction was executed.
I know this might sound wierd and that you "never had issue" but i
would start looking a making sure that all
your by2 process have different sensor_id and that they are configured
to collide with an other process.
An other thing i would look at is if you have on some system a by2
process running in the background that would
conflict with your "frontman process". Mabey a process didin't
terminate as expected or was started from an other
mechanism and is still running.
Which could explain:
>Sep 29 04:11:17 nids12 barnyard2: Failed to archive file
> "/var/log/snort/eth7/snort.u2.1348805013" to
> "/var/log/snort/eth7/snort.u2.1348805013": File exists
More information about the Snort-users