[Snort-users] Barnyard2 database failures

beenph beenph at ...11827...
Wed Jan 2 16:42:12 EST 2013


On Wed, Jan 2, 2013 at 4:24 PM, Dave Corsello
<snort-users at ...15598...> wrote:
>
> The errors happen at random times throughout the day, and they don't
> correlate to any other scheduled activity.
>

> Again, the only factor that has changed is that Snort has been upgraded.
>

Well as stated before and this should have no incidence on the logging,
so there must be something else that is involved.

What type of mysql storage do you use (MyIASM or InnoDB)
Do you have mysql logs?

> Is there any significance in the fact that all failed transactions contain
> the following string:  WARNING database: [Database()] Failed transaction
> with current query transaction #012
>

This message is generic and indicate that the following row's where
not inserted since the
involved transaction failed.

This is what i would do:
1- stop all barnyard2 process
2- stop your database
3- restart your database and enable logging query logging
4- start one barnyard2 process and let it run for a while in console
so when it will fail it will not restart.

Send the mysql logs of the event when this occur.

Personaly i think it could be two things.

1: mysql using MyIASM storage instead of InnoDB. (Should be InnoDB)
2: ressource exaustion on the database server that could kill the client thread.


-elz




More information about the Snort-users mailing list