Snort mailing list archives

Re: Barnyard2 process stops when [gid :124] [sid: 1] [upd_rev: 1] fires


From: beenph <beenph () gmail com>
Date: Wed, 30 Jul 2014 19:32:50 -0400

Did you upgrade from 2-1.9 or 2-1.10-12?

If so, you might want to delete all preprocessor entries in the signature table
where sig_class_id is 0 OR sig_priority is 0:

1. DELETE FROM signature WHERE sig_gid > 1 AND (sig_class_id = 0 OR sig_priority = 0);

Or

run the update manually:
2. UPDATE signature SET sig_class_id=12, sig_priority=1 WHERE sig_id=166;


Before choosing any option, do this (to see the state of the table):

SELECT sig_gid,sig_sid,sig_name FROM signature WHERE (sig_class_id = 0 OR
sig_priority = 0) AND sig_gid > 1;


And then you could run this to see how many events would be affected by
the delete.

SELECT a.sid,a.cid,count(*) FROM event AS a,(SELECT
sig_id,sig_gid,sig_sid FROM signature WHERE (sig_class_id = 0 OR
sig_priority = 0) AND sig_gid > 1) AS b
WHERE a.signature = b.sig_id GROUP BY a.sid,a.cid;




On Wed, Jul 30, 2014 at 7:54 AM, Avery Rozar
<Avery.Rozar () i-techsupport com> wrote:
SELECT * FROM signature WHERE sig_gid = 124 and sig_sid=1;

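 sig_id |                sig_name                 | sig_class_id | sig_priority | sig_rev | sig_sid | sig_gid
--------+-----------------------------------------+--------------+--------------+---------+---------+---------
    166 | smtp: Attempted command buffer overflow |            0 |            0 |       1 |       1 |     124
(1 row)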





On 7/29/14, 7:13 PM, "beenph" <beenph () gmail com> wrote:

SELECT * FROM signature WHERE sig_gid = 124 and sig_sid=1;



On Tue, Jul 29, 2014 at 7:41 AM, Avery Rozar
<Avery.Rozar () i-techsupport com> wrote:
VERSION INFO

CentOS 6.5
PostgreSQL 8.4.20
Barnyard2 2.1.13 (Build 327)
Snort 2.9.5.6 GRE (Build 208)

ERROR MESSAGE

ERROR database: database: postgresql_error: ERROR:  permission denied
for relation signature#012
ERROR database: calling Insert() in [dbSignatureInformationUpdate()]
[dbProcessSignatureInformation()] Line[1556], call to
dbSignatureInformationUpdate failed for : #012[gid :124] [sid: 1]
[upd_rev: 1] [upd class: 12] [upd pri 1]
FATAL ERROR: [dbProcessSignatureInformation()]: Failed, stoping
processing

During the middle of operation, if the smtp pre-processor fires,
Barnyard2 dies with this error. And if I restart the process it gives
the same error and stops. If I restart snort, remove the waldo file and
then start Barnyard2, it works fine until this pre-processor fires again.
Has anyone seen this before?

Thanks,
Avery


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
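
The inspect-then-repair sequence discussed in this thread, as an added example that is not part of the original messages and is not Barnyard2 code. It assumes an in-memory SQLite scratch database in place of PostgreSQL and a reduced, constructed subset of the signature and event tables; the function names are hypothetical, and every row except the sig_id 166 row shown in the thread is constructed.

```python
import sqlite3

# Constructed, reduced subset of the Snort/Barnyard2 schema (assumption):
# only the columns the thread's queries touch are kept.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT,
    sig_class_id INTEGER, sig_priority INTEGER,
    sig_rev INTEGER, sig_sid INTEGER, sig_gid INTEGER);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, PRIMARY KEY (sid, cid));
"""
# Preprocessor rows (gid > 1) whose class or priority was never filled in.
STALE = "sig_gid > 1 AND (sig_class_id = 0 OR sig_priority = 0)"

def build_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO signature VALUES (?,?,?,?,?,?,?)", [
        (166, "smtp: Attempted command buffer overflow", 0, 0, 1, 1, 124),
        (167, "constructed preprocessor row, classified", 12, 1, 1, 2, 124),
        (10, "constructed text rule, unclassified", 0, 0, 1, 2000001, 1),
    ])
    conn.executemany("INSERT INTO event VALUES (?,?,?)",
                     [(1, 1, 166), (1, 2, 166), (1, 3, 167), (1, 4, 10)])
    conn.commit()
    return conn

def stale_signatures(conn):
    return conn.execute(
        "SELECT sig_id, sig_gid, sig_sid, sig_name FROM signature "
        f"WHERE {STALE} ORDER BY sig_id").fetchall()

def affected_events(conn):
    """Number of events that reference each stale signature."""
    return conn.execute(
        "SELECT s.sig_id, count(e.cid) FROM signature s "
        "LEFT JOIN event e ON e.signature = s.sig_id "
        f"WHERE {STALE} GROUP BY s.sig_id ORDER BY s.sig_id").fetchall()

def repair(conn, sig_id, class_id, priority):
    """Manual update of one row; refuses rows that are not stale preprocessor rows."""
    with conn:  # commits on success, rolls back if an exception is raised
        cur = conn.execute(
            "UPDATE signature SET sig_class_id = ?, sig_priority = ? "
            f"WHERE sig_id = ? AND {STALE}",
            (class_id, priority, sig_id))
        if cur.rowcount != 1:
            raise ValueError(f"expected 1 stale row for sig_id={sig_id}, got {cur.rowcount}")
    return stale_signatures(conn)
```
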

