Snort mailing list archives

Re: Barnyard2 database failures


From: Dave Corsello <snort-users () wintertreemedia com>
Date: Wed, 02 Jan 2013 16:24:38 -0500

I don't restart barnyard2, and I don't restart or back up the database (although I probably should). My database logs are empty.

The errors happen at random times throughout the day, and they don't correlate to any other scheduled activity.

Again, the only factor that has changed is that Snort has been upgraded.

Is there any significance in the fact that all failed transactions contain the following string: WARNING database: [Database()] Failed transaction with current query transaction #012

On 12/30/2012 11:54 AM, beenph wrote:
And do you use something to stop barnyard2 periodically and restart it?
Like a wrapper to PulledPork?
Would it be possible that your database server stops and restarts?
Do you have database logs?
With the 2-1.1x code, changes were made to the output plugin so that if an event is not logged, it's not logged at all; with 2-1.9 and historically before, each of those insertions was done serially instead of being wrapped in a transaction block, so if it was failing halfway you could find some information that was logged incompletely. So for this to happen often, there is probably something around by2 that would be causing/triggering the issue.
Do you do a backup operation on your database?
Oh, and this should have nothing to do with Snort, just to get back to the initial questioning. Snort logs to unified2 and by2 processes the unified2 file, so there is no link between the database and Snort.
-elz


On Sun, Dec 30, 2012 at 11:43 AM, Dave Corsello <snort-users () wintertreemedia com> wrote:

    Hi elz,

    Thanks for your reply.  On each sensor, barnyard2 is configured
    with a unique hostname, so that there are two sensors in the
    sensor table, and there's only one instance of Barnyard2 running
    on each sensor.

    --Dave


    On 12/29/2012 8:54 PM, beenph wrote:

        Hi Dave,
        In both of your barnyard2 configurations, do you use
        different information so that you have two sensors
        in your sensor table?
        Because if you use the same information, then it would
        be seen as 1 sensor and you could hit a race condition
        which could lead to this.
        So I would make sure that both of your barnyard2 instances have
        different information,
        and also make sure that you do not have another barnyard2
        process in the background.
        Maybe launched by a startup script, etc.
        This error would only happen if the transaction fails
        (duplicate key) or if your database dies.
        I suspect you have another process also inserting and this is
        why you're hitting this condition.
        -elz
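
The behaviour discussed in the thread above (serial inserts leaving partial records versus a transaction that logs an event completely or not at all, with a duplicate key as the trigger) can be reproduced with the following added example. It is not barnyard2 code and not part of the original thread: SQLite stands in for the database, and the two-table schema, the seeded row and the function names are simplified, constructed assumptions.

```python
import sqlite3

# Constructed, simplified schema: both tables are keyed on (sid, cid).
SCHEMA = """
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER,
                    PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                    PRIMARY KEY (sid, cid));
"""

def new_db():
    # isolation_level=None: no implicit BEGIN, transactions are explicit.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    # Constructed row standing in for a second writer that registered with
    # the same sensor information and therefore shares sid 1.
    conn.execute("INSERT INTO iphdr VALUES (1, 2, 167772161, 167772162)")
    return conn

def log_event(conn, sid, cid, transactional):
    """Insert one event; return True if it was logged completely."""
    statements = [
        ("INSERT INTO event VALUES (?, ?, ?)", (sid, cid, 1000)),
        ("INSERT INTO iphdr VALUES (?, ?, ?, ?)", (sid, cid, 167772163, 167772164)),
    ]
    try:
        if transactional:
            conn.execute("BEGIN")
        for sql, params in statements:
            conn.execute(sql, params)
        if transactional:
            conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        # Duplicate key: undo everything done so far in this transaction.
        if transactional:
            conn.execute("ROLLBACK")
        return False

def event_rows(conn):
    return conn.execute("SELECT sid, cid FROM event ORDER BY cid").fetchall()

if __name__ == "__main__":
    for mode in (False, True):
        db = new_db()
        ok = log_event(db, 1, 2, transactional=mode)
        print("transactional" if mode else "serial", ok, event_rows(db))
```

In serial mode the failed insert leaves an `event` row whose header data belongs to the other writer; in transactional mode the same collision leaves nothing behind and surfaces only as a failed transaction.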



