Snort mailing list archives
Re: Error on db inserts
From: "Roman Danyliw" <roman () danyliw com>
Date: Fri, 1 Mar 2002 15:04:46 -0500 (EST)
These INSERT errors make sense, because things like '+71071' are of course not valid timezones.

What platform are you running? What are your OS locale settings?

You note that other events are logging fine (i.e. the normal rules), but portscan alerts and certain SPADE messages cause issues. Correct?

Roman

On Fri, 1 Mar 2002 13:44:37 -0500, "Clausing, James A (Jim), SOLCM" <jac () att com> wrote:
Folks,

I'm seeing some errors inserting into my postgresql database, apparently from spp_portscan and spp_anomsensor. I conclude this by correlating the following log messages. I haven't looked at the code to see if I could fix it (not enough hours in the day), but perhaps someone who knows the code better than I can find the problem more quickly. Note this occurs on 1.8.3 and all of the 1.8.4 betas.

From the looks of it, the problem is not with all of the messages. For example, most of the SPADE messages are fine; the errors seem to occur on the 'threshold adjustment messages'. From portscan, the errors come on the status and end messages, but not the 'PORTSCAN DETECTED' messages. Hopefully, this helps.

---Jim

Mar 1 16:33:52 gauss snort: [ID 702911 local6.info] spp_portscan: PORTSCAN DETECTED to port 21536 from 63.157.9.149 (STEALTH)
Mar 1 16:33:56 gauss snort: [ID 702911 local6.info] spp_portscan: portscan status from 63.157.9.149: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH
Mar 1 16:33:56 gauss snort: [ID 702911 daemon.error] database: postgresql_error: ERROR: Bad timestamp external representation '2002-03-01 16:33:56+71071'
Mar 1 16:34:00 gauss snort: [ID 702911 local6.info] spp_portscan: End of portscan from 63.157.9.149: TOTAL time(0s) hosts(1) TCP(1) UDP(0) STEALTH
Mar 1 16:34:00 gauss snort: [ID 702911 daemon.error] database: postgresql_error: ERROR: Bad timestamp external representation '2002-03-01 16:34:00+249582'
Mar 1 16:40:29 gauss snort: [ID 702911 local6.info] spp_anomsensor: Threshold adjusted to 10.1959 after 18 alerts (of 4757)
Mar 1 16:40:29 gauss snort: [ID 702911 daemon.error] database: postgresql_error: ERROR: Bad timestamp external representation '2002-03-01 16:40:29+71065'

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
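Added example (not part of the original messages and not Snort code): a Python script that performs the correlation described in the report over the quoted syslog lines, pairing each database error with the preprocessor message logged in the same second and checking the UTC offset of the rejected timestamp. The function names and the offset rule (+/-HH, +/-HHMM or +/-HH:MM with HH <= 15) are assumptions made for this example.

```python
import re

# Syslog lines copied from the report quoted in this thread.
SAMPLE_LOG = """\
Mar 1 16:33:52 gauss snort: [ID 702911 local6.info] spp_portscan: PORTSCAN DETECTED to port 21536 from 63.157.9.149 (STEALTH)
Mar 1 16:33:56 gauss snort: [ID 702911 local6.info] spp_portscan: portscan status from 63.157.9.149: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH
Mar 1 16:33:56 gauss snort: [ID 702911 daemon.error] database: postgresql_error: ERROR: Bad timestamp external representation '2002-03-01 16:33:56+71071'
Mar 1 16:34:00 gauss snort: [ID 702911 local6.info] spp_portscan: End of portscan from 63.157.9.149: TOTAL time(0s) hosts(1) TCP(1) UDP(0) STEALTH
Mar 1 16:34:00 gauss snort: [ID 702911 daemon.error] database: postgresql_error: ERROR: Bad timestamp external representation '2002-03-01 16:34:00+249582'
Mar 1 16:40:29 gauss snort: [ID 702911 local6.info] spp_anomsensor: Threshold adjusted to 10.1959 after 18 alerts (of 4757)
Mar 1 16:40:29 gauss snort: [ID 702911 daemon.error] database: postgresql_error: ERROR: Bad timestamp external representation '2002-03-01 16:40:29+71065'
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ snort: \[ID \d+ \S+\] (\w+): (.*)$")
BAD_TS = re.compile(r"Bad timestamp external representation '([^']+)'")
TIME_TAIL = re.compile(r"\d{2}:\d{2}:\d{2}(.*)$")
# Assumed rule for this example: +/-HH, +/-HHMM or +/-HH:MM, with HH <= 15.
OFFSET = re.compile(r"[+-](\d{2})(?::?(\d{2}))?")

def offset_is_sane(timestamp):
    """True if the text after HH:MM:SS is empty or a plausible UTC offset."""
    m = TIME_TAIL.search(timestamp)
    tail = m.group(1) if m else "?"
    off = OFFSET.fullmatch(tail)
    return tail == "" or (bool(off) and int(off.group(1)) <= 15 and int(off.group(2) or 0) <= 59)

def correlate(log_text):
    """Pair each database error with the message logged just before it in the same second."""
    failures, clean, previous = [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, source, text = m.groups()
        if source != "database":
            previous = (when, source, text)
            clean.append(previous)
            continue
        bad = BAD_TS.search(text)
        if bad and previous and previous[0] == when:
            clean.remove(previous)  # the INSERT for this message was rejected
            failures.append((previous[1], previous[2], bad.group(1), offset_is_sane(bad.group(1))))
            previous = None
    return failures, clean

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG)[0]:
        print(row)
```

On the quoted lines this pairs the three rejected INSERTs with the portscan status, end-of-portscan and threshold-adjustment messages, and leaves only the 'PORTSCAN DETECTED' message without a following database error.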
Current thread:
- Error on db inserts Clausing, James A (Jim), SOLCM (Mar 01)
- <Possible follow-ups>
- Re: Error on db inserts Roman Danyliw (Mar 01)
- RE: Error on db inserts Clausing, James A (Jim), SOLCM (Mar 04)