Snort mailing list archives
Re: Barnyard issue: Multiple entries in database for a single signature.
From: fatema bannatwala <fatema.bannatwala () gmail com>
Date: Tue, 10 Jan 2017 09:59:53 -0500
Also, I am running barnyard2-1.9 version. Is barnyard2-1.14 a stable version that can be used in production? Thanks, Fatema. On Tue, Jan 10, 2017 at 8:27 AM, fatema bannatwala < fatema.bannatwala () gmail com> wrote:
Hi all, So as the subject of this message says, there are multiple entries for some rules getting created in the snort sql database, that is resulting in alerts not getting logged into the database, maybe because of some race-condition. Hence, is there any fix/patch for this kind of situation? or anyone else is experiencing the same? For ex: snort=> SELECT * FROM signature WHERE sig_sid = 40782; sig_id | sig_name | sig_class_id | sig_priority | sig_rev | sig_sid | sig_gid ---------+-------------------------------------------------- ---------------+--------------+--------------+---------+---- -----+--------- 1561695 | BLACKLIST User-Agent known malicious user-agent string - Venik | 1 | 1 | 1 | 40782 | 1 1561696 | BLACKLIST User-Agent known malicious user-agent string - Venik | 1 | 1 | 1 | 40782 | 1 1561700 | BLACKLIST User-Agent known malicious user-agent string - Venik | 1 | 1 | 1 | 40782 | 1 1561701 | BLACKLIST User-Agent known malicious user-agent string - Venik | 1 | 1 | 1 | 40782 | 1 1561704 | BLACKLIST User-Agent known malicious user-agent string - Venik | 1 | 1 | 1 | 40782 | 1 1561697 | BLACKLIST User-Agent known malicious user-agent string - Venik | 1 | 1 | 1 | 40782 | 1 1561702 | BLACKLIST User-Agent known malicious user-agent string - Venik | 1 | 1 | 1 | 40782 | 1 1561703 | BLACKLIST User-Agent known malicious user-agent string - Venik | 1 | 1 | 1 | 40782 | 1 Any help would be appreciated. Thanks, Fatema.
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Barnyard issue: Multiple entries in database for a single signature. fatema bannatwala (Jan 10)
- Re: Barnyard issue: Multiple entries in database for a single signature. fatema bannatwala (Jan 10)
- Re: Barnyard issue: Multiple entries in database for a single signature. fatema bannatwala (Jan 17)
- Re: Barnyard issue: Multiple entries in database for a single signature. fatema bannatwala (Jan 10)