Re: Barnyard2 DB error and it will not start

[elof () sentor se]

Hi Avery!

Yes, this is a confusing/misleading error message.

Since the cache sync is performed within a transaction, the duplicate 
insert will never actually happen.


So, you seem to already have metadata populated in the DB, while the sync 
tries to add more/other data to some reference.


Your problem might disappear if you run these commands, to find dupes and 
remove them:
DELETE FROM signature where sig_id NOT IN ( select min(dup.sig_id) from 
signature dup group by sig_sid,sig_gid,sig_rev);
DELETE FROM reference_system where ref_system_id NOT IN ( select 
min(dup.ref_system_id) from reference_system dup group by 
ref_system_name);
DELETE FROM sig_class where sig_class_id NOT IN ( select 
min(dup.sig_class_id) from sig_class dup group by sig_class_name);
DELETE FROM reference where ref_id NOT IN ( select min(dup.ref_id) from 
reference dup group by ref_system_id,ref_tag);


...but I think not. I guess you don't have dupes, but conflicting data in 
the DB vs what is in your new snort.conf rules.
So if the above don't work, I would reset the entire metadata system and 
let by2 re-populate it from scratch.
Note: old events will no longer show correct references.

Here's an example for Postgres:
DELETE FROM public.reference; DELETE FROM public.sig_reference; DELETE 
FROM public.signature; DELETE FROM public.sig_class; DELETE FROM 
public.reference_system;
ALTER SEQUENCE public.sig_class_sig_class_id_seq RESTART WITH 1;




See my thread "Barnyard2 fatal error duplicate references, but there are 
no duplicates" from thu, 1 Nov 2012.

/Elof


On Tue, 7 Jul 2015, Avery Rozar wrote:

> I get this error when I try to start barnyard, what is the proper solution
> for this? If I run the SQL query I only get one result so I'm not sure what
> the issue may be.
>
>
>
> ERROR database: Query [SELECT ref_id FROM reference WHERE ref_system_id =
> '10' AND ref_tag = '27676';] returned more than one result
>
> [SystemCacheSynchronize()], Call to ReferencePopulateDatabase() failed
>
> [CacheSynchronize()]:, SystemCacheSyncronize() call failed.
>
>
>
> SQL Query on the database:
>
> csdashboard=# SELECT ref_id FROM reference WHERE ref_system_id = '10' AND
> ref_tag = '27676';
>
> ref_id
>
> --------
>
>  26976
>
> (1 row)

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!