Re: error inserting values into mysql DB

["A. J. Wright" <ajw () utk edu>]

I've had this problem when multiple instances of snort were running  
on the box at the same time.  Occasionally snort shrugs off SIGTERM  
and you have to be a little more violent.

Both instances would see the same event on the same ethernet device  
at the same time, and try to insert the (same) event into the  
database.  MySQL would promptly balk at inserting duplicate events,  
causing that error message.

I suppose it might also be possible if you have duplicate, but  
generally equivalent, MySQL alert/log outputs defined.

Luck,
--aj

A. J. Wright -- <ajw () utk edu>
Senior Security Analyst, Information Security Office
University of Tennessee, Knoxville

On Apr 10, 2006, at 9:17 AM, devork wrote:

> I have mysql database set as output plugin in snort.conf  
> configuration file.
> but when any alert is generated it gives following error.
>
> ---------------------  ------------
> SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES ('2',
> '135', '548', ' 2006-04-10 12:37:51.284+005')
> database: mysql_error: Duplicate entry '2' for key 1
> SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES ('2',
> '136', '548', ' 2006-04-10 12:37:51.284+005')
> database: mysql_error: Duplicate entry '2' for key 1
> SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES ('2',
> '137', '548', ' 2006-04-10 12:37:51.284+005')
> database: mysql_error: Duplicate entry '2' for key 1
> ---------------------  ------------
> #mysql -V
> mysql  Ver 14.7 Distrib 4.1.14, for pc-linux-gnu (i686) using  
> readline 4.3
>
> regards,
> dvk

Attachment: smime.p7s
Description: