[Snort-users] Barnyard2 reports database insert errors

Dave Corsello snort-users at ...15598...
Fri Nov 1 11:58:39 EDT 2013


I asked about this a long time ago, and just recently looked at the 
problem again.  I'm not sure if it's a barnyard2 problem, a MySQL 
problem, or a problem with some other component.

I'm getting intermittent errors similar to the following:

Nov 1 10:25:14 snort2 barnyard2[XXXXX]: [Database()]: Insertion of Query 
[INSERT INTO event (sid,cid,signature,timestamp) VALUES (X, XXXXXX, 
XXXXXX, '2013-11-01 10:25:09');] failed

But when I check the database, the record is there.  So, either a status 
message is not making it from MySQL to barnyard2, or barnyard2 is 
dropping the ball somehow.  The database resides on another machine.  
Traffic between the snort/barnyard2 machine and the MySQL machine is 
open on port 3306.

Any ideas?


