Snort mailing list archives

Re: Barnyard2 problems with reputation preproc rules


From: Dave Corsello <snort-users () wintertreemedia com>
Date: Mon, 03 Feb 2014 10:17:39 -0500

MySQL version 5.1.49

To the best of my recollection, I never ran ALTER TABLE to change the
storage engine.  The only changes to this database were done by the BASE
script that adds the acid tables, which I ran a couple of years ago.

Here are the results of the query:

+--------+--------------+-----------------------------------+--------------+---------+---------+---------+--------------+
| sig_id | sig_class_id | sig_name                          | sig_priority | sig_rev | sig_sid | sig_gid | events_count |
+--------+--------------+-----------------------------------+--------------+---------+---------+---------+--------------+
|  16501 |            4 | reputation: Packet is blacklisted |            2 |       1 |       1 |     136 |        65341 |
|  17372 |            0 | reputation: Packet is blacklisted |            0 |       1 |       1 |     136 |            0 |
+--------+--------------+-----------------------------------+--------------+---------+---------+---------+--------------+

On 2/2/2014 9:16 AM, beenph wrote:
> On Sun, Feb 2, 2014 at 8:29 AM, Dave Corsello
> <snort-users () wintertreemedia com> wrote:
>> No, sorry, I forgot to include version info.  I've been on by2 version
>> 2.1.13 build 327 and snort 2.9.5.5 for months.  All snort tables are
>> InnoDB; all acid tables are MyISAM.  None of this has changed.  The only
>> thing that's changed that I can see is the number of blacklist IPs, but
>> that changes almost daily.  I suppose I could try deleting signature
>> 16501, but it's linked to thousands of events.
>
> Yup, but you also have been having SQL issues at a different level. Which
> version of MySQL are you using again?
>
> The multiple issues you have been having with SQL could mean that in
> the past you have converted using ALTER TABLE,
> rather than creating the database based on the InnoDB storage engine.
>
> I looked back at the previous thread you had written on the by2 mailing list
> and can't find info on your MySQL version.
>
> It would be interesting to see the result of the following query.
>
> SELECT * FROM signature WHERE sig_id IN (16501,17372)
>
> -elz
