Snort mailing list archives

Snort/Barnyard/MySQL/ACID - Duplicate entry

From: "Maetzky, Steffen (Extern)" <Steffen.Maetzky () gedas de>
Date: Thu, 25 Mar 2004 18:45:59 +0100

Hello,

I'm using Snort with Barnyard, MySQL and ACID and get often the following
message from ACID:      duplicate entry xx for key 1 (seemed to be an
mysql-message)

I' ve rebuild my databases (snort and acidarchive) and deleted all alerts
but without success.

I'm using the following configs and would be happy to get help:

snort.conf:

##change user
config set_uid: snort

##network
var HOME_NET **********
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var SNMP_SERVERS $HOME_NET
var HTTP_PORTS 8080
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521

##rulepath
var RULE_PATH /etc/snort/rules

##preprocessors
preprocessor frag2: memcap 32000000
preprocessor stream4: detect_scans, memcap 32000000
preprocessor stream4_reassemble: ports default
preprocessor rpc_decode: 111 32771

##output-plugins
output log_unified: filename unified.log

##configs
include classification.config
include reference.config

##rules
include $RULE_PATH/local.rules
etc...

Barnyard.conf:

# set the hostname (currently only used for the acid db output plugin)
config hostname: localhost

# set the interface name (currently only used for the acid db output plugin)
config interface: eth1

# set the filter (currently only used for the acid db output plugin)
config filter: not port 22

#processors
processor dp_alert
processor dp_log

# acid_db
#output alert_acid_db: mysql, sensor_id 1, database snort, server localhost,
user snort, password ****** ,detail full
output log_acid_db: mysql, sensor_id 1, database snort, server localhost,
user snort, password ****** ,detail full



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort/Barnyard/MySQL/ACID - Duplicate entry Maetzky, Steffen (Extern) (Mar 29)
- Re: Snort/Barnyard/MySQL/ACID - Duplicate entry Andrew R. Baker (Mar 29)