Snort mailing list archives
Re: Barnyard2 process stops when [gid :124] [sid: 1] [upd_rev: 1] fires
From: beenph <beenph () gmail com>
Date: Wed, 30 Jul 2014 19:32:50 -0400
Did you upgrade from 2-1.9 or 2-1.10-12 ? If so you might want to delete all preprocessor in the signature table where sig_class is 0 OR sig_priority is 0; 1. DELETE FROM signature sig_gid > 1 AND (sig_class_id = 0 or sig_priority = 0) Or run the update manually 2. UPDATE signature WHERE sig_id=166 SET sig_class_id=12,sig_priority=1; Before choosing any option do this (to see the state of the table); SELECT sig_gid,sig_sid,sig_name FROM signature WHERE sig_class = 0 OR sig_priority = 0 AND sig_gid > 1 And then you could run this to see how many event would be affected by the delete. SELECT a.sid,a.cid,a.count(*) FROM event AS a,(SELECT sig_id,sig_gid,sig_sid FROM signature WHERE sig_class = 0 OR sig_priority = 0 AND sig_gid > 1) AS b WHERE a.sid = b.sid GROUP by a.sid,a.cid; On Wed, Jul 30, 2014 at 7:54 AM, Avery Rozar <Avery.Rozar () i-techsupport com> wrote:
SELECT * FROM signature WHERE sig_gid = 124 and sig_sid=1; sig_id | sig_name | sig_class_id | sig_priority | sig_rev | sig_sid | sig_gid 166 | smtp: Attempted command buffer overflow | 0 | 0 | 1 | 1 | 124 (1 row) On 7/29/14, 7:13 PM, "beenph" <beenph () gmail com> wrote:SELECT * FROM signature WHERE sig_gid = 124 and sig_sid=1; On Tue, Jul 29, 2014 at 7:41 AM, Avery Rozar <Avery.Rozar () i-techsupport com> wrote:VERSION INFO CentOS 6.5 PostgreSQL 8.4.20 Barnyard2 2.1.13 (Build 327) Snort 2.9.5.6 GRE (Build 208) ERROR MESSAGE ERROR database: database: postgresql_error: ERROR: permission denied for relation signature#012 ERROR database: calling Insert() in [dbSignatureInformationUpdate()] [dbProcessSignatureInformation()] Line[1556], call to dbSignatureInformationUpdate failed for : #012[gid :124] [sid: 1] [upd_rev: 1] [upd class: 12] [upd pri 1] FATAL ERROR: [dbProcessSignatureInformation()]: Failed, stoping processing During the middle of operation if the smtp pre-proccesor fires Barnyard2 dies with this error. And if I restart the process it gives the same error and stops. If I restart snort, remove the waldo file and then start Barntard2 it works fine until this pre-proccesor fires again. Has anyone seen this before? Thanks, Avery ------------------------------------------------------------------------- ----- Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clk trk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Barnyard2 process stops when [gid :124] [sid: 1] [upd_rev: 1] fires Avery Rozar (Jul 29)
- Re: Barnyard2 process stops when [gid :124] [sid: 1] [upd_rev: 1] fires beenph (Jul 29)
- Re: Barnyard2 process stops when [gid :124] [sid: 1] [upd_rev: 1] fires Avery Rozar (Jul 30)
- Re: Barnyard2 process stops when [gid :124] [sid: 1] [upd_rev: 1] fires beenph (Jul 30)
- Re: Barnyard2 process stops when [gid :124] [sid: 1] [upd_rev: 1] fires Avery Rozar (Jul 31)
- Re: Barnyard2 process stops when [gid :124] [sid: 1] [upd_rev: 1] fires beenph (Jul 31)
- Re: Barnyard2 process stops when [gid :124] [sid: 1] [upd_rev: 1] fires Avery Rozar (Jul 30)
- Re: Barnyard2 process stops when [gid :124] [sid: 1] [upd_rev: 1] fires beenph (Jul 29)