Snort mailing list archives
RE: acid DB error afrer excessive logging
From: "Hutchinson, Andrew" <andrew.hutchinson () Vanderbilt Edu>
Date: Thu, 21 Aug 2003 13:22:03 -0500
Sounds like the table is corrupted. Here is a blurb from an email I sent to the list from a few weeks ago. Just insert 'event.MYI' where I say 'iphdr.MYI', and it should be relevant. #>>>>>>>>>> First, make a copy of the table iphdr.MYI and put it somewhere safe in case things get ugly. Second, you'll want to run 'myisamchk iphdr.MYI' to see what it reports as the problem. This will let you know basically where you stand. If it looks like the index file is in good shape, then... - you'll want to run 'myisamchk --recover --quick iphdr.MYI' If it looks like the index is hosed, then... - you'll want to run 'myisamchk --recover iphdr.MYI' If that doesn't work, try... - 'myisamchk --safe-recover iphdr.MYI' #<<<<<<<<<< HTH, Andrew Hutchinson - Network Security Vanderbilt University Medical Center (615) 936-2856
-----Original Message----- From: Micheal Reynolds [mailto:mreynolds () pc-netservices com] Sent: Wednesday, August 20, 2003 1:56 PM To: snort-users () lists sourceforge net Subject: [Snort-users] acid DB error afrer excessive logging Hello All I am new to this mailing list and pretty new to Snort and have a question. . I installed Snort/Acid as per Patrick Harper's manual which was a great help. I had a sacrificial lamb windows 2000 box sitting on the internet and have snort running on the ext interface of my firewall. The mysql was so busy logging the icmp alerts it seems to have messed up the database with the following error when I try to login to acid Database ERROR:Database ERROR:Can't open file: 'event.MYI'. (errno: 145) The cpu was almost saturated between mysql ~75% and snort ~20%. After I got the win2k box patched I got the above error. Is there any quick way to fix this, perhaps delete the snort DB ? Many Thanks Micheal ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- acid DB error afrer excessive logging Micheal Reynolds (Aug 21)
- <Possible follow-ups>
- RE: acid DB error afrer excessive logging Hutchinson, Andrew (Aug 21)
- RE: acid DB error afrer excessive logging Micheal Reynolds (Aug 22)
- Re: acid DB error afrer excessive logging Dusty Hall (Aug 22)