Snort mailing list archives

Re: Snort and Barnyard - why do our logs stop


From: "Atkins, Dwane P" <ATKINSD () uthscsa edu>
Date: Mon, 24 Jan 2011 11:54:56 -0600

01/24-11:57:37.207454  [**] [1:1394:12] SHELLCODE x86 inc ecx NOOP [**] [Classification: Executable Code was Detected] [Priority: 1] {UDP} 129.111.107.10:5247 -> 129.111.94.116:12929
database: mysql_error: Duplicate entry '1-15358037' for key 'PRIMARY'
SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 15358037, 4, '2011-01-24 11:57:37')

What does this mean?  Why am I getting duplicate entries and how do I discover where the mysql error is?

Dwane

From: Atkins, Dwane P [mailto:ATKINSD () uthscsa edu]
Sent: Monday, January 24, 2011 11:40 AM
To: 'snort-users () lists sourceforge net"'
Subject: [Snort-users] Snort and Barnyard - why do our logs stop

In a normal week, we get maybe two weeks of logs before the logging stops.  And when I do a ps -ef | grep snort, 
snort has stopped. Barnyard2 is still in the processes but snort has stopped.

Where can I go to investigate this?  Is there a log file somewhere that will report why the process has stopped? I am 
stumped.  Why does something work well for two days and then stop? Is it a resource issue?  If I need to extend it, I 
can, but what do I extend to the LVM group?

Thank you all for your help.  This is starting to get rather frustrating.

Dwane