[Snort-users] Barnyard issue: Multiple entries in database for a single signature.

fatema bannatwala fatema.bannatwala at ...11827...
Tue Jan 10 09:59:53 EST 2017


Also, I am running barnyard2-1.9 version.
Is barnyard2-1.14 a stable version that can be used in production?

Thanks,
Fatema.

On Tue, Jan 10, 2017 at 8:27 AM, fatema bannatwala <
fatema.bannatwala at ...11827...> wrote:

> Hi all,
>
> So as the subject of this message says, there are multiple entries for
> some rules getting created in the snort SQL database, which is resulting in
> alerts not getting logged into the database, maybe because of some
> race condition.
>
> Hence, is there any fix/patch for this kind of situation? Or is anyone else
> experiencing the same?
>
> For ex:
>
> snort=> SELECT * FROM signature WHERE sig_sid = 40782;
>  sig_id  |                            sig_name                             | sig_class_id | sig_priority | sig_rev | sig_sid | sig_gid
> ---------+-----------------------------------------------------------------+--------------+--------------+---------+---------+---------
>  1561695 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
>  1561696 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
>  1561700 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
>  1561701 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
>  1561704 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
>  1561697 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
>  1561702 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
>  1561703 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
>
>
> Any help would be appreciated.
>
> Thanks,
> Fatema.
>