Snort mailing list archives
Barnyard2 sql insert failure
From: "Kaon Thana" <kthana () talkpoint com>
Date: Fri, 3 Mar 2017 08:24:05 -0500 (EST)
Hey Folks,

I have a centralized MySQL server accepting multiple barnyard2 sensors. One of the sensors has crashed twice in the last week with a SQL insert error. I run a weekly script with PulledPork to try and keep all the rules in sync on each server. Each barnyard sensor has a unique hostname or unique interface name.

Any thoughts as to why this crash happens? Log lines below:

Barnyard2 version Version 2.1.13 (Build 327)

Feb 28 12:00:58 xxx barnyard2[63889]: Barnyard2 initialization completed successfully (pid=63889)
Feb 28 12:00:58 xxx barnyard2[63889]: Using waldo file xxxRedactedxxx
Feb 28 12:00:58 xxx barnyard2[63889]: Opened spool file '/var/log/snort/merged.log.1488301165'
Feb 28 12:00:58 xxx barnyard2[63889]: Waiting for new data
Mar 2 06:56:36 xxx barnyard2[63889]: [Database()]: Insertion of Query [INSERT INTO event (sid,cid,signature,timestamp) VALUES (12, 427174, 236, '2017-03-02 05:59:40');] failed
Mar 2 06:56:36 xxx barnyard2[63889]: WARNING database: [Database()] Failed transaction with current query transaction
Mar 2 06:56:36 xxx barnyard2[63889]: WARNING database: Failed Query Position [1] Failed Query Body [INSERT INTO event (sid,cid,signature,timestamp) VALUES (12, 427174, 236, '2017-03-02 05:59:40');]
Mar 2 06:56:36 xxx barnyard2[63889]: WARNING database: Failed Query Position [2] Failed Query Body [INSERT INTO tcphdr (sid, cid, tcp_sport, tcp_dport, tcp_seq, tcp_ack, tcp_off, tcp_res, tcp_flags, tcp_win, tcp_csum, tcp_urp) VALUES xxxRedactedxxx
Mar 2 06:56:36 xxx barnyard2[63889]: WARNING database: Failed Query Position [3] Failed Query Body [INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off,ip_ttl, ip_proto, ip_csum) VALUES xxxRedactedxxx
Mar 2 06:56:36 xxx barnyard2[63889]: WARNING database: Failed Query Position [4] Failed Query Body [INSERT INTO data (sid,cid,data_payload) VALUES xxxRedactedxxx
Mar 2 06:56:36 xxx barnyard2[63889]: WARNING database [Database()]: End of failed transaction block
Mar 3 00:58:47 xxx barnyard2[63889]: INFO [dbProcessSignatureInformation()]: [Event: 60] with [gid: 1] [sid: 41696] [rev: 1] [classification: 12] [priority: 1] Signature Message -> "[SERVER-WEBAPP Avtech IP Camera cloudsetup.cgi command execution attempt]" was not found in barnyard2 signature cache, this could mean its is the first time the signature is processed, and will be inserted in the database with the above information, this message should only be printed once for each signature that is not present in the database The new inserted signature will not have its information present in the sig_reference table,it should be present on restart if the information is present in the sid-msg.map file. You can allways update the message via a SQL query if you want it to be displayed correctly by your favorite interface
Mar 3 00:58:47 xxx barnyard2[63889]: [dbProcessSignatureInformation()]: ERROR inserting new signature
Mar 3 00:58:47 xxx barnyard2[63889]: FATAL ERROR: [dbProcessSignatureInformation()]: Failed, stoping processing
Mar 3 00:58:47 xxx barnyard2[63889]: Barnyard2 exiting