Snort mailing list archives
Re: Barnyard2 problems with reputation preproc rules
From: Dave Corsello <snort-users () wintertreemedia com>
Date: Mon, 03 Feb 2014 10:17:39 -0500
MySQL version 5.1.49 To the best of my recollection, I never ran ALTER TABLE to change the storage engine. The only changes to this database were done by the BASE script that adds the acid tables, which I ran a couple of years ago. Here are the results of the query: +--------+--------------+-----------------------------------+--------------+---------+---------+---------+--------------+ | sig_id | sig_class_id | sig_name | sig_priority | sig_rev | sig_sid | sig_gid | events_count | +--------+--------------+-----------------------------------+--------------+---------+---------+---------+--------------+ | 16501 | 4 | reputation: Packet is blacklisted | 2 | 1 | 1 | 136 | 65341 | | 17372 | 0 | reputation: Packet is blacklisted | 0 | 1 | 1 | 136 | 0 | +--------+--------------+-----------------------------------+--------------+---------+---------+---------+--------------+ On 2/2/2014 9:16 AM, beenph wrote:
On Sun, Feb 2, 2014 at 8:29 AM, Dave Corsello <snort-users () wintertreemedia com> wrote:No, sorry, I forgot to include version info. I've been on by2 version 2.1.13 build 327 and snort 2.9.5.5 for months. All snort tables are InnoDB; all acid tables are MyISAM. None of this has changed. The only thing that's changed that I can see is the number of blacklist IP's, but that changes almost daily. i suppose I could try deleting signature 16501, but it's linked to thousands of events.Yup, but you also have been having SQL issues a different level, Which version of MySQL are you using again? the multiple issue you have been having with sql could mean that in the past you have converted using ALTER TABLE, rather than create the database based on innodb storage engine. I looked back to previous thread you had written on the by2 mailing list and can't find info on your mysql version. I would be interesting to see the result of the following query. SELECT * FROM signature WHERE sig_id IN (16501,17372) -elz
------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Barnyard2 problems with reputation preproc rules Dave Corsello (Feb 01)
- Re: Barnyard2 problems with reputation preproc rules beenph (Feb 01)
- Re: Barnyard2 problems with reputation preproc rules Dave Corsello (Feb 02)
- Re: Barnyard2 problems with reputation preproc rules beenph (Feb 02)
- Re: Barnyard2 problems with reputation preproc rules Dave Corsello (Feb 03)
- Re: Barnyard2 problems with reputation preproc rules beenph (Feb 03)
- Re: Barnyard2 problems with reputation preproc rules Dave Corsello (Feb 03)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Barnyard2 problems with reputation preproc rules Dave Corsello (Feb 10)
- Re: Barnyard2 problems with reputation preproc rules Dave Corsello (Feb 12)
- Re: Barnyard2 problems with reputation preproc rules beenph (Feb 12)
- Re: Barnyard2 problems with reputation preproc rules Dave Corsello (Feb 02)
- Re: Barnyard2 problems with reputation preproc rules beenph (Feb 01)
- Re: Barnyard2 problems with reputation preproc rules Dave Corsello (Feb 07)