Snort mailing list archives

Re: 'more than one result' error messages

From: roman () danyliw com
Date: Mon, 15 Apr 2002 11:49:34 EDT

This condition should never happen; there are multiple entries in the sig_class table for
'attempted-admin' and multiple entires in the signature table for 'SMTP RCPT TO overflow'.

Can you confirm this condition?  Run the SQL that gave you these errors in psql client:

SELECT sig_class_id FROM sig_class WHERE  sig_class_name = 'attempted-admin'

SELECT sig_id FROM signature WHERE sig_name = 'SMTP RCPT TO overflow' AND  sig_rev = 1 AND
sig_sid = 654

Can you describe your deployment configuration?  Is there just one instance of snort and
the database?

Check your rules file, are there multiple signatures with the msg rule option "SMTP RCPT
TO overflow"?

cheers,
Roman

I am running snort-1.8.4, postgresql-7.2, and
ACID-0.9.6B21. Everything seems fine when I start
snort. But after a couple of minutes, there are lots
of error messages generated. The messages are
something like:

database: warning (SELECT sig_class_id FROM sig_class
WHERE  sig_class_name = 'attempted-admin') returned
more than one result
database: unable to write classification
database: warning (SELECT sig_id FROM signature WHERE
sig_name = 'SMTP RCPT TO overflow' AND  sig_rev = 1
AND sig_sid = 654 ) returned more than one result
database: Problem inserting a new signature 'SMTP RCPT
TO overflow'

Could somebody tell me the possible reasons? 
Thanks,

Weidong

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

'more than one result' error messages weidong xiao (Apr 14)
- <Possible follow-ups>
- Re: 'more than one result' error messages roman (Apr 15)