Snort mailing list archives

Barnyard2 sql insert failure


From: "Kaon Thana" <kthana () talkpoint com>
Date: Fri, 3 Mar 2017 08:24:05 -0500 (EST)

Hey Folks,

I have a centralized MySQL server accepting multiple barnyard2 sensors.
One of the sensors has crashed twice in the last week with a SQL insert
error.

I run a weekly script with PulledPork to try and keep all the rules in
sync on each server.

Each barnyard sensor has a unique hostname or unique interface name.

Any thoughts as to why this crash happens? Log lines below:

Barnyard2 version Version 2.1.13 (Build 327)

Feb 28 12:00:58 xxx barnyard2[63889]: Barnyard2 initialization completed
successfully (pid=63889)

Feb 28 12:00:58 xxx barnyard2[63889]: Using waldo file xxxRedactedxxx

Feb 28 12:00:58 xxx barnyard2[63889]: Opened spool file
'/var/log/snort/merged.log.1488301165'

Feb 28 12:00:58 xxx barnyard2[63889]: Waiting for new data

Mar  2 06:56:36 xxx barnyard2[63889]: [Database()]: Insertion of Query
[INSERT INTO event (sid,cid,signature,timestamp) VALUES (12, 427174, 236,
'2017-03-02 05:59:40');] failed

Mar  2 06:56:36 xxx barnyard2[63889]: WARNING database: [Database()]
Failed transaction with current query transaction

Mar  2 06:56:36 xxx barnyard2[63889]: WARNING database: Failed Query
Position [1] Failed Query Body [INSERT INTO event
(sid,cid,signature,timestamp) VALUES (12, 427174, 236, '2017-03-02
05:59:40');]

Mar  2 06:56:36 xxx barnyard2[63889]: WARNING database: Failed Query
Position [2] Failed Query Body [INSERT INTO tcphdr (sid, cid, tcp_sport,
tcp_dport, tcp_seq, tcp_ack, tcp_off, tcp_res, tcp_flags, tcp_win,
tcp_csum, tcp_urp) VALUES xxxRedactedxxx

Mar  2 06:56:36 xxx barnyard2[63889]: WARNING database: Failed Query
Position [3] Failed Query Body [INSERT INTO iphdr (sid, cid, ip_src,
ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off,ip_ttl,
ip_proto, ip_csum) VALUES xxxRedactedxxx

Mar  2 06:56:36 xxx barnyard2[63889]: WARNING database: Failed Query
Position [4] Failed Query Body [INSERT INTO data (sid,cid,data_payload)
VALUES xxxRedactedxxx

Mar  2 06:56:36 xxx barnyard2[63889]: WARNING database [Database()]: End
of failed transaction block

Mar  3 00:58:47 xxx barnyard2[63889]: INFO
[dbProcessSignatureInformation()]: [Event: 60] with [gid: 1] [sid: 41696]
[rev: 1] [classification: 12] [priority: 1] Signature Message ->
"[SERVER-WEBAPP Avtech IP Camera cloudsetup.cgi command execution
attempt]"     was not found in barnyard2 signature cache, this could mean
its is the first time the signature is processed, and will be inserted
in the database with the above information, this message should only be
printed once for each signature that is not  present in the database
The new inserted signature will not have its information present in the
sig_reference table,it should be present on restart     if the information
is present in the sid-msg.map file.          You can allways update the
message via a SQL query if you want it to be displayed correctly by your
favorite interface

Mar  3 00:58:47 xxx barnyard2[63889]: [dbProcessSignatureInformation()]:
ERROR inserting new signature

Mar  3 00:58:47 xxx barnyard2[63889]: FATAL ERROR:
[dbProcessSignatureInformation()]: Failed, stoping processing

Mar  3 00:58:47 xxx barnyard2[63889]: Barnyard2 exiting
