RE: snort warnings

["Everist, Benjamin S. (NASWI)" <EveristB () naswi navy mil>]

be my guest.  Another question - you wrote in another post:
"the 2.0.0 box starts quietly and I don't see any output when I run the
script, the 2.0.1 box scrolls the regular startup output when started."

Snort scrolling the startup output to stdout sounds like it -isn't- starting
in Daemon mode.  What's up with that?

-----Original Message-----
From: Bryan Irvine [mailto:bryan.irvine () kingcountyjournal com]
Sent: Wednesday, August 06, 2003 9:58 AM
To: Everist, Benjamin S. (NASWI)
Subject: RE: [Snort-users] snort warnings


i uhm...get 141 rows....

odd...might if I repost your message to the list?


--Bryan

On Wed, 2003-08-06 at 09:47, Everist, Benjamin S. (NASWI) wrote:
> Just out of curiosity, if you log into postgres and issue the
> following query:
>
> select * from signature where sig_name = 'WEB-CGI adcycle access' and
> sig_rev = 3 and sig_sid = 1721;
>
> what do you get?  In mysql, I get:
+--------+------------------------+--------------+--------------+---------+-
--------+
> | sig_id | sig_name               | sig_class_id | sig_priority |
> sig_rev | sig_sid |
+--------+------------------------+--------------+--------------+---------+-
--------+
> |     39 | WEB-CGI adcycle access |            5 |            2
> |       3 |    1721 |
+--------+------------------------+--------------+--------------+---------+-
--------+
> 1 row in set (0.00 sec)
>
> It looks as if snort is expecting one record and getting >1.  Snort is
> then writing the error to stdout.
>
>
> -----Original Message-----
> From: Bryan Irvine [mailto:bryan.irvine () kingcountyjournal com]
> Sent: Tuesday, August 05, 2003 3:06 PM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] snort warnings
>
>
> I get tons of these errors
>
> Aug  5 14:48:10 knox3 snort: database: warning (SELECT sig_id FROM
> signature WHERE sig_name = 'WEB-CGI adcycle access' AND  sig_rev = 3
> AND
> sig_sid = 1721 ) returned more than one result 
> Aug  5 14:48:10 knox3 snort: database: warning (SELECT sig_id FROM
> signature WHERE sig_name = 'WEB-CGI adcycle access' AND  sig_rev = 3
> AND
> sig_sid = 1721 ) returned more than one result 
> Aug  5 14:48:10 knox3 snort: database: Problem inserting a new
> signature
> 'WEB-CGI adcycle access' 
> Aug  5 14:48:10 knox3 snort: database: Problem inserting a new
> signature
> 'WEB-CGI adcycle access'
>
> the odd thing is, this is set to run in daemon mode and log to
> postgres
> so i'm not sure why i'm even getting the errors to stdout.
>
> This is the script I'm using to start snort.
>
> snort -o -b -l /var/www/htdocs/snort/fxp0 -d -D -i fxp0 -c
> /usr/local/share/snort/fxp0.conf not host '(192.233.100.178)'
>
> snort -o -b -l /var/www/htdocs/snort/fxp1 -d -D -i fxp1 -c
> /usr/local/share/snort/fxp1.conf not host '(192.233.100.178)'
>
> any ideas?
>
> --Bryan