Snort mailing list archives

RE: snort warnings

From: Bryan Irvine <bryan.irvine () kingcountyjournal com>
Date: 06 Aug 2003 16:10:13 -0700

I've never tried either.  This is really starting to get on my nerves
though.  

I just blew up the DB again (via dropdb) updated the postgresql schema
to the one that came with 2.0.1, and upgraded the version of snort on
both boxes to 2.0.1 and it ran for about 10 minutes without any problems
(I thought it was fixed) but now it's right back to the same old
problems.

AAAAAAARRRRGHHHH!!!!!


Any snort guru's that understand why I'm getting the output listed below
the line?

--Bryan

###########THE LINE##########

# Aug  6 15:38:48 knox3 last message repeated 987 times
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: unable to write classification 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-PHP content-disposition' AND  sig_rev =
6 AND sig_sid = 1425 ) returned more than one result 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: Problem inserting a new signature
'WEB-PHP content-disposition' 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: warning (SELECT ref_id FROM
reference WHERE ref_system_id = 3 AND ref_tag = '4183') returned more
than one result 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: Unable to insert the alert
reference into the DB 
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:40:44 knox3 snort: database: postgresql_error: ERROR:  Cannot
insert a duplicate key into unique index sig_reference_pkey  
Aug  6 15:42:56 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:42:56 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:42:56 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:42:56 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:42:56 knox3 snort: database: unable to write classification 
Aug  6 15:42:56 knox3 snort: database: unable to write classification 

# Aug  6 15:47:20 knox3 snort: database: warning (SELECT sig_class_id
FROM sig_class WHERE  sig_class_name = 'web-application-attack')
returned more than one result 
Aug  6 15:47:20 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:47:20 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:47:20 knox3 snort: database: warning (SELECT sig_class_id FROM
sig_class WHERE  sig_class_name = 'web-application-attack') returned
more than one result 
Aug  6 15:47:20 knox3 snort: database: unable to write classification 
Aug  6 15:47:20 knox3 snort: database: unable to write classification 

# 


On Wed, 2003-08-06 at 14:35, Everist, Benjamin S. (NASWI) wrote:

well... (helpless shrug) you could uncomment #define DEBUG in
spo_database.c and recompile...  I've never tried that (and I don't
speak C) so I don't know what help it might give.


Benjamin




-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort warnings Bryan Irvine (Aug 05)
- <Possible follow-ups>
- RE: snort warnings Everist, Benjamin S. (NASWI) (Aug 06)
  - RE: snort warnings Bryan Irvine (Aug 06)
    - RE: snort warnings Erek Adams (Aug 06)
    - RE: snort warnings Bryan Irvine (Aug 06)
    - RE: snort warnings Bryan Irvine (Aug 06)
- RE: snort warnings Everist, Benjamin S. (NASWI) (Aug 06)
  - RE: snort warnings Bryan Irvine (Aug 06)
- RE: snort warnings Everist, Benjamin S. (NASWI) (Aug 06)
  - RE: snort warnings Bryan Irvine (Aug 06)
  - RE: snort warnings Bryan Irvine (Aug 06)
- RE: snort warnings Michael J. McCasland (Aug 07)