[Snort-users] Barnyard2 problems with reputation preproc rules

beenph beenph at ...11827...
Sat Feb 1 23:31:59 EST 2014


On Sat, Feb 1, 2014 at 8:21 PM, Dave Corsello
<snort-users at ...15598...> wrote:
> I've been getting barnyard2 errors today.  The first set of errors that
> I see are:
>
Wild guess, you rescently updated to 2-1.13 and your using mysql with
MyIASM storage?
-elz

> Feb  1 09:37:46 snort1 barnyard2[23251]: ERROR database: calling Insert() in [dbSignatureInformationUpdate()]
>
> Feb  1 09:37:46 snort1 barnyard2[23251]: [dbProcessSignatureInformation()] Line[1556], call to dbSignatureInformationUpdate failed for : #012[gid :136] [sid: 1] [upd_rev: 1] [upd class: 4] [upd pri 2]
>
> Feb  1 09:37:46 snort1 barnyard2[23251]: FATAL ERROR: [dbProcessSignatureInformation()]: Failed, stoping processing
>
>
> Thereafter, I see the following every few minutes:
>
> Feb  1 09:43:43 snort1 barnyard2[24461]: ERROR database: Returned signature_id [16501] is not equal to updated signature_id [16936] in [dbSignatureInformationUpdate()]
>
> Feb  1 09:43:43 snort1 barnyard2[24461]: [dbProcessSignatureInformation()] Line[1556], call to dbSignatureInformationUpdate failed for : #012[gid :136] [sid: 1] [upd_rev: 1] [upd class: 4] [upd pri 2]
>
> Feb  1 09:43:43 snort1 barnyard2[24461]: FATAL ERROR: [dbProcessSignatureInformation()]: Failed, stoping processing
>
>
> I tried deleting sig_id 16936 from the signature table, but then I just
> get an error with a new signature id:
>
> Feb  1 20:17:52 snort1 barnyard2[25132]: ERROR database: Returned signature_id [16501] is not equal to updated signature_id [17372] in [dbSignatureInformationUpdate()]
>
>
> Any ideas how to correct or work around this?
>
> Thanks,
> Dave
>
>
> ------------------------------------------------------------------------------
> WatchGuard Dimension instantly turns raw network data into actionable
> security intelligence. It gives you real-time visual feedback on key
> security issues and trends.  Skip the complicated setup - simply import
> a virtual appliance and go from zero to informed in seconds.
> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list