[Snort-users] Barnyard issue: Multiple entries in database for a single signature.

fatema bannatwala fatema.bannatwala at ...11827...
Tue Jan 17 18:05:08 EST 2017


Haven't got any updates on this yet.
Has the project stopped being maintained, or are there alternatives to
barnyard that I am not aware of?

Appreciate the help.

Thanks,
Fatema.

On Tue, Jan 10, 2017 at 9:59 AM, fatema bannatwala <
fatema.bannatwala at ...11827...> wrote:

> Also, I am running barnyard2-1.9 version.
> Is barnyard2-1.14 a stable version that can be used in production?
>
> Thanks,
> Fatema.
>
> On Tue, Jan 10, 2017 at 8:27 AM, fatema bannatwala <
> fatema.bannatwala at ...11827...> wrote:
>
>> Hi all,
>>
>> So, as the subject of this message says, multiple entries for some
>> rules are getting created in the Snort SQL database, which is resulting in
>> alerts not getting logged into the database, maybe because of some
>> race condition.
>>
>> Hence, is there any fix/patch for this kind of situation? Or is anyone else
>> experiencing the same?
>>
>> For example:
>>
>> snort=> SELECT * FROM signature WHERE sig_sid = 40782;
>>  sig_id  |                            sig_name                            | sig_class_id | sig_priority | sig_rev | sig_sid | sig_gid
>> ---------+----------------------------------------------------------------+--------------+--------------+---------+---------+---------
>>  1561695 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
>>  1561696 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
>>  1561700 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
>>  1561701 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
>>  1561704 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
>>  1561697 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
>>  1561702 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
>>  1561703 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
>>
>>
>> Any help would be appreciated.
>>
>> Thanks,
>> Fatema.
>>
>
>