[Snort-users] Barnyard2 problems with reputation preproc rules

Dave Corsello snort-users at ...15598...
Sun Feb 2 08:29:53 EST 2014


No, sorry, I forgot to include version info.  I've been on by2 version
2.1.13 build 327 and snort 2.9.5.5 for months.  All snort tables are
InnoDB; all acid tables are MyISAM.  None of this has changed.  The only
thing that's changed that I can see is the number of blacklist IP's, but
that changes almost daily.  i suppose I could try deleting signature
16501, but it's linked to thousands of events.

On 2/1/2014 11:31 PM, beenph wrote:
> On Sat, Feb 1, 2014 at 8:21 PM, Dave Corsello
> <snort-users at ...15598...> wrote:
>> I've been getting barnyard2 errors today.  The first set of errors that
>> I see are:
>>
> Wild guess, you rescently updated to 2-1.13 and your using mysql with
> MyIASM storage?
> -elz
>
>> Feb  1 09:37:46 snort1 barnyard2[23251]: ERROR database: calling Insert() in [dbSignatureInformationUpdate()]
>>
>> Feb  1 09:37:46 snort1 barnyard2[23251]: [dbProcessSignatureInformation()] Line[1556], call to dbSignatureInformationUpdate failed for : #012[gid :136] [sid: 1] [upd_rev: 1] [upd class: 4] [upd pri 2]
>>
>> Feb  1 09:37:46 snort1 barnyard2[23251]: FATAL ERROR: [dbProcessSignatureInformation()]: Failed, stoping processing
>>
>>
>> Thereafter, I see the following every few minutes:
>>
>> Feb  1 09:43:43 snort1 barnyard2[24461]: ERROR database: Returned signature_id [16501] is not equal to updated signature_id [16936] in [dbSignatureInformationUpdate()]
>>
>> Feb  1 09:43:43 snort1 barnyard2[24461]: [dbProcessSignatureInformation()] Line[1556], call to dbSignatureInformationUpdate failed for : #012[gid :136] [sid: 1] [upd_rev: 1] [upd class: 4] [upd pri 2]
>>
>> Feb  1 09:43:43 snort1 barnyard2[24461]: FATAL ERROR: [dbProcessSignatureInformation()]: Failed, stoping processing
>>
>>
>> I tried deleting sig_id 16936 from the signature table, but then I just
>> get an error with a new signature id:
>>
>> Feb  1 20:17:52 snort1 barnyard2[25132]: ERROR database: Returned signature_id [16501] is not equal to updated signature_id [17372] in [dbSignatureInformationUpdate()]
>>
>>
>> Any ideas how to correct or work around this?
>>
>> Thanks,
>> Dave
>>
>>
>> ------------------------------------------------------------------------------
>> WatchGuard Dimension instantly turns raw network data into actionable
>> security intelligence. It gives you real-time visual feedback on key
>> security issues and trends.  Skip the complicated setup - simply import
>> a virtual appliance and go from zero to informed in seconds.
>> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!





More information about the Snort-users mailing list