Snort mailing list archives
Barnyard2 database failures
From: Dave Corsello <snort-users () wintertreemedia com>
Date: Sat, 29 Dec 2012 20:06:01 -0500
Hello,

I'm running two Snort inline boxes--one on my LAN and one on my DMZ. I'm getting one or two sets of barnyard2 errors per day on each sensor, similar to the example below, since upgrading to Snort 2.9.3.1. I'm running Barnyard2 ver. 2.1.11 Build 317, and the OS is Ubuntu Server 10.04.3. MySQL is running on a separate Ubuntu box. This same setup was working fine on both sensors prior to upgrading Snort.

Any ideas?

Thanks,
Dave

Example:

Dec 28 17:20:23 snort1 barnyard2[5580]: [Database()]: Insertion of Query [INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 2123, 682, '2012-12-28 17:20:18');] failed
Dec 28 17:20:23 snort1 barnyard2[5580]: WARNING database: [Database()] Failed transaction with current query transaction #012
Dec 28 17:20:23 snort1 barnyard2[5580]: WARNING database: Failed Query Position [1] Failed Query Body [INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 2123, 682, '2012-12-28 17:20:18');]
Dec 28 17:20:23 snort1 barnyard2[5580]: WARNING database: Failed Query Position [2] Failed Query Body [INSERT INTO tcphdr (sid, cid, tcp_sport, tcp_dport, tcp_seq, tcp_ack, tcp_off, tcp_res, tcp_flags, tcp_win, tcp_csum, tcp_urp) VALUES (1,2123,45371,80,1719521233,533625699,8,0,24,115,48796,0);]
Dec 28 17:20:23 snort1 barnyard2[5580]: WARNING database: Failed Query Position [3] Failed Query Body [INSERT INTO opt (sid,cid,optid,opt_proto,opt_code,opt_len,opt_data) VALUES (1,2123,2,6,8,8,'0562CF7A899C1338');]
Dec 28 17:20:23 snort1 barnyard2[5580]: WARNING database: Failed Query Position [4] Failed Query Body [INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off,ip_ttl, ip_proto, ip_csum) VALUES (1,2123,1962855192,169100811,4,5,0,237,347,0,0,41,6,49018);]
Dec 28 17:20:23 snort1 barnyard2[5580]: WARNING database: Failed Query Position [5] Failed Query Body [INSERT INTO data (sid,cid,data_payload) VALUES (1,2123,'474554202F77303074773030742E61742E626C61636B686174732E726F6D616E69616E2E616E74692D7365633A2920485454502F312E310D0A4163636570743A202A2F2A0D0A4163636570742D4C616E67756167653A20656E2D75730D0A4163636570742D456E636F64696E673A20677A69702C206465666C6174650D0A557365722D4167656E743A205A6D45750D0A486F73743A2030302E30302E30302E30300D0A436F6E6E656374696F6E3A20436C6F73650D0A0D0A');]
Dec 28 17:20:23 snort1 barnyard2[5580]: WARNING database [Database()]: End of failed transaction block

(I replaced the IP info in the data payload in the next to last warning with 00.00.00.00.)
Current thread:
- Barnyard2 database failures Dave Corsello (Dec 29)
- Re: Barnyard2 database failures beenph (Dec 29)
- Re: Barnyard2 database failures Dave Corsello (Dec 30)
- Re: Barnyard2 database failures beenph (Dec 30)
- Re: Barnyard2 database failures Dave Corsello (Dec 30)
- Re: Barnyard2 database failures beenph (Dec 29)