Snort mailing list archives

Re: Barnyard issue: Multiple entries in database for a single signature.


From: fatema bannatwala <fatema.bannatwala () gmail com>
Date: Tue, 10 Jan 2017 09:59:53 -0500

Also, I am running barnyard2-1.9 version.
Is barnyard2-1.14 a stable version that can be used in production?

Thanks,
Fatema.

On Tue, Jan 10, 2017 at 8:27 AM, fatema bannatwala <fatema.bannatwala () gmail com> wrote:

Hi all,

So as the subject of this message says, there are multiple entries for
some rules getting created in the Snort SQL database, which is resulting in
alerts not getting logged into the database, maybe because of some
race condition.

Hence, is there any fix/patch for this kind of situation? Or is anyone else
experiencing the same?

For example:

snort=> SELECT * FROM signature WHERE sig_sid = 40782;
 sig_id  |                            sig_name                             | sig_class_id | sig_priority | sig_rev | sig_sid | sig_gid
---------+-----------------------------------------------------------------+--------------+--------------+---------+---------+---------
 1561695 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
 1561696 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
 1561700 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
 1561701 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
 1561704 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
 1561697 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
 1561702 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1
 1561703 | BLACKLIST User-Agent known malicious user-agent string - Venik  |            1 |            1 |       1 |   40782 |       1


Any help would be appreciated.

Thanks,
Fatema.
