[Snort-users] Help w/ barnyard2 issues

John Ives jives at ...15416...
Tue May 20 14:53:24 EDT 2014


On 5/20/14, 11:41 AM, Moore, Jim wrote:
> I have 2 issues w/ barnyard2 2.1.13 running on a Fedora 19 box.
> The box has 3 sensor interfaces w/ 3 snort instances and 3
> barnyard2 instances. Each of the barnyard2 instances is writing
> output to a fast alert file and a remote PostgreSQL database.  The
> first problem occurs during barnyard2 startup.  When the instance
> initializes the database connection it encounters a fatal error
> like so:
> 
> ERROR database: Query [SELECT sig_id FROM signature WHERE (sig_sid
> = '17688') AND (sig_gid  = '1') AND (sig_rev  = '9') AND
> (sig_class_id = '9') AND (sig_priority = '1') AND (sig_name =
> 'BROWSER-IE Microsoft Internet Explorer userdata behavior memory
> corruption attempt'); ] returned more than one result
> 
> So far, the only fix I have been able to come up w/ is to
> hand-remove the existing row from the signature table and restart 1
> barnyard2 instance.  The 2nd instance encounters the same error, so
> I repeat the process for all 3 instances.

I have encountered this same issue though not necessarily with this
same rule. Of course the reason that I have to restart the instance of
barnyard in the first place is that it crashed, probably as a result
of this sort of error.

For commonalities, I am also logging to PostgreSQL; however, I am doing
it from a FreeBSD box.

John

-- 
-------------------------------------------------------------------------
John Ives
Information Security & Policy			    Phone (510) 229-8676
University of California, Berkeley
-------------------------------------------------------------------------
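An added example, not part of the original thread and not barnyard2's own code: a check that lists every signature key with more than one row, which is the condition behind the "returned more than one result" error quoted above. The table and column names come from that error message; the in-memory SQLite database stands in for the PostgreSQL one, and the sig_id values and extra rows are constructed sample data.

```python
import sqlite3
from itertools import groupby

# Columns taken from the SELECT in the barnyard2 error quoted above.
KEY_COLS = ["sig_sid", "sig_gid", "sig_rev", "sig_class_id", "sig_priority", "sig_name"]
COLS = ", ".join(KEY_COLS)

# The window-function form runs on PostgreSQL and SQLite and treats NULLs in a
# key column as equal, which a plain "col = value" comparison would not.
DUPLICATE_QUERY = f"""
SELECT sig_id, {COLS} FROM (
    SELECT sig_id, {COLS}, COUNT(*) OVER (PARTITION BY {COLS}) AS n
    FROM signature
) AS t
WHERE n > 1
ORDER BY {COLS}, sig_id
"""

def find_duplicate_signatures(conn):
    """Return [(key_tuple, [sig_id, ...]), ...] for keys stored more than once."""
    rows = conn.execute(DUPLICATE_QUERY).fetchall()
    return [(key, [r[0] for r in grp])
            for key, grp in groupby(rows, key=lambda r: tuple(r[1:]))]

def build_sample_db():
    """Constructed sample rows in an in-memory SQLite stand-in for the real table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, {COLS})")
    name = ("BROWSER-IE Microsoft Internet Explorer userdata behavior "
            "memory corruption attempt")
    conn.executemany(
        "INSERT INTO signature VALUES (?, ?, ?, ?, ?, ?, ?)",
        [(101, 17688, 1, 9, 9, 1, name),    # first copy of the rule
         (102, 17688, 1, 8, 9, 1, name),    # older rev: different key, not a duplicate
         (103, 1000001, 1, 1, 3, 2, "constructed local rule"),
         (245, 17688, 1, 9, 9, 1, name)])   # second copy: makes the lookup ambiguous
    return conn

if __name__ == "__main__":
    for key, ids in find_duplicate_signatures(build_sample_db()):
        print(f"sid={key[0]} gid={key[1]} rev={key[2]}: sig_ids {ids}")
```

Running the same query against the real database before starting the barnyard2 instances shows all affected rules at once, rather than one per failed startup.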



