Snort mailing list archives
RE: snort warnings
From: "Everist, Benjamin S. (NASWI)" <EveristB () naswi navy mil>
Date: Wed, 6 Aug 2003 10:09:17 -0700
Be my guest. Another question - you wrote in another post:

"the 2.0.0 box starts quietly and I don't see any output when I run the script, the 2.0.1 box scrolls the regular startup output when started."

Snort scrolling the startup output to stdout sounds like it -isn't- starting in Daemon mode. What's up with that?

-----Original Message-----
From: Bryan Irvine [mailto:bryan.irvine () kingcountyjournal com]
Sent: Wednesday, August 06, 2003 9:58 AM
To: Everist, Benjamin S. (NASWI)
Subject: RE: [Snort-users] snort warnings

I uhm...get 141 rows.... odd...mind if I repost your message to the list?

--Bryan

On Wed, 2003-08-06 at 09:47, Everist, Benjamin S. (NASWI) wrote:
Just out of curiosity, if you log into postgres and issue the following query:

select * from signature where sig_name = 'WEB-CGI adcycle access' and sig_rev = 3 and sig_sid = 1721;

what do you get? In mysql, I get:

+--------+------------------------+--------------+--------------+---------+---------+
| sig_id | sig_name               | sig_class_id | sig_priority | sig_rev | sig_sid |
+--------+------------------------+--------------+--------------+---------+---------+
|     39 | WEB-CGI adcycle access |            5 |            2 |       3 |    1721 |
+--------+------------------------+--------------+--------------+---------+---------+
1 row in set (0.00 sec)

It looks as if snort is expecting one record and getting >1. Snort is then writing the error to stdout.

-----Original Message-----
From: Bryan Irvine [mailto:bryan.irvine () kingcountyjournal com]
Sent: Tuesday, August 05, 2003 3:06 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort warnings

I get tons of these errors

Aug 5 14:48:10 knox3 snort: database: warning (SELECT sig_id FROM signature WHERE sig_name = 'WEB-CGI adcycle access' AND sig_rev = 3 AND sig_sid = 1721 ) returned more than one result
Aug 5 14:48:10 knox3 snort: database: warning (SELECT sig_id FROM signature WHERE sig_name = 'WEB-CGI adcycle access' AND sig_rev = 3 AND sig_sid = 1721 ) returned more than one result
Aug 5 14:48:10 knox3 snort: database: Problem inserting a new signature 'WEB-CGI adcycle access'
Aug 5 14:48:10 knox3 snort: database: Problem inserting a new signature 'WEB-CGI adcycle access'

The odd thing is, this is set to run in daemon mode and log to postgres so I'm not sure why I'm even getting the errors to stdout. This is the script I'm using to start snort.

snort -o -b -l /var/www/htdocs/snort/fxp0 -d -D -i fxp0 -c /usr/local/share/snort/fxp0.conf not host '(192.233.100.178)'
snort -o -b -l /var/www/htdocs/snort/fxp1 -d -D -i fxp1 -c /usr/local/share/snort/fxp1.conf not host '(192.233.100.178)'

Any ideas?

--Bryan
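
Added example, not part of the thread and not Snort's own code: the query in the message checks one signature, and this sketch generalizes it to list every (sig_name, sig_rev, sig_sid) combination stored more than once, which is the condition behind the "returned more than one result" warning. It assumes a simplified signature table with only the columns shown in the MySQL output, uses an in-memory SQLite database as a stand-in for PostgreSQL, and all rows are constructed sample data.

```python
import sqlite3

# Simplified stand-in for the Snort `signature` table, limited to the columns
# visible in the MySQL output in the thread. Assumption: the real schema may
# carry more columns and constraints.
SCHEMA = """
CREATE TABLE signature (
    sig_id       INTEGER PRIMARY KEY,
    sig_name     TEXT NOT NULL,
    sig_class_id INTEGER,
    sig_priority INTEGER,
    sig_rev      INTEGER,
    sig_sid      INTEGER
);
"""

# Constructed sample rows: three copies of the signature from the thread,
# one older revision of it, and one unrelated placeholder rule.
SAMPLE_ROWS = [
    (39, "WEB-CGI adcycle access", 5, 2, 3, 1721),
    (40, "WEB-CGI adcycle access", 5, 2, 3, 1721),  # duplicate of sig_id 39
    (41, "WEB-CGI adcycle access", 5, 2, 3, 1721),  # duplicate of sig_id 39
    (42, "WEB-CGI adcycle access", 5, 2, 2, 1721),  # different sig_rev: distinct
    (43, "EXAMPLE placeholder rule", 1, 3, 1, 9999999),
]

# Group on the same three columns the logged lookup filters on. Any group with
# more than one row makes that lookup return more than one result.
DUPLICATE_QUERY = """
SELECT sig_name, sig_rev, sig_sid,
       COUNT(*)    AS copies,
       MIN(sig_id) AS first_sig_id
FROM signature
GROUP BY sig_name, sig_rev, sig_sid
HAVING COUNT(*) > 1
ORDER BY copies DESC;
"""

def build_sample_db():
    """Create the in-memory table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO signature VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn

def find_duplicate_signatures(conn):
    """Return (sig_name, sig_rev, sig_sid, copies, first_sig_id) per duplicated group."""
    return conn.execute(DUPLICATE_QUERY).fetchall()

if __name__ == "__main__":
    for name, rev, sid, copies, first_id in find_duplicate_signatures(build_sample_db()):
        print(f"{name!r} rev={rev} sid={sid}: {copies} rows, lowest sig_id={first_id}")
```

The GROUP BY / HAVING statement is standard SQL, so the same query text can be run directly in psql or the mysql client against the real table.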