[Snort-users] Barnyard2 reports database insert errors

beenph beenph at ...11827...
Fri Nov 1 15:12:38 EDT 2013


On Fri, Nov 1, 2013 at 11:58 AM, Dave Corsello
<snort-users at ...15598...> wrote:
> Folks,
>
Hi Dave,

> I asked about this a long time ago, and just recently looked at the
> problem again.  I'm not sure if it's a barnyard2 problem, a MySQL
> problem, or a problem with some other component.
>
> I'm getting intermittent errors similar to the following:
>
> Nov 1 10:25:14 snort2 barnyard2[XXXXX]: [Database()]: Insertion of Query
> [INSERT INTO event (sid,cid,signature,timestamp) VALUES (X, XXXXXX,
> XXXXXX, '2013-11-01 10:25:09');] failed
>

1. Which version of barnyard2 are you using?
2. If you say that the record is there, then its normal that you get
this error because
    you can't have a record with the same sid(sensor id),cid(incident
id) inserted.

Would it be possible that you might have two barnyard2 process using
the same configuration and processing the same spool file logging to
the same database?
wrong startup script  for example.

Which storage engine are you using with MySQL?
Could you return the result of the following query:
      SELECT table_name,engine FROM INFORMATION_SCHEMA.TABLES WHERE
table_schema=DATABASE();



> But when I check the database, the record is there.  So, either a status
> message is not making it from MySQL to barnyard2, or barnyard2 is
> dropping the ball somehow.  The database resides on another machine.
> Traffic between the snort/barnyard2 machine and the MySQL machine is
> open on port 3306.
>
> Any ideas?
>

-elz




More information about the Snort-users mailing list