This is a discussion on Re: [Snort-users] error inserting values into mysql DB within the Snort forums, part of the System Security and Security Related category.
I'm not sure which platform you're running on, but check to make sure an additional instance of snort isn't running. Something like "ps -eaf | fgrep snort" or "ps -auxc | fgrep snort" or even possibly "ps -u snort". Kill everything that shows up, then restart your snort job.

Just in case something is going completely wonky ... rebooting never fixes anything, but have you tried it?

If it's not a duplicate snort process issue, I'm stumped and graciously resubmit this to Those On The List With More Experience.

Cheers,
--aj

A. J. Wright -- <ajw@utk.edu>
Senior Security Analyst, Information Security Office
University of Tennessee, Knoxville

On Apr 10, 2006, at 9:47 AM, devork wrote:

> Yes you are right, I have only one instance running but still the same
> error with mysql or postgresql
> stopped the /var/run/snort_eth0.pid process and ran through command
> line switch
> snort -i eth0 -c /etc/snort/snort.conf
>
> but still the same error.
>
> "
> database: postgresql_error: ERROR: duplicate key violates unique
> constraint "data_pkey"
>
> database: postgresql_error: ERROR: duplicate key violates unique
> constraint "data_pkey"
> "
> ( This one is postgresql error message, previous one posted was of
> mysql )
>
> -dvk
>
> On 4/10/06, A. J. Wright <ajw@utk.edu> wrote:
> > I've had this problem when multiple instances of snort were running
> > on the box at the same time. Occasionally snort shrugs off SIGTERM
> > and you have to be a little more violent.
> >
> > Both instances would see the same event on the same ethernet device
> > at the same time, and try to insert the (same) event into the
> > database. MySQL would promptly balk at inserting duplicate events,
> > causing that error message.
> >
> > I suppose it might also be possible if you have duplicate, but
> > generally equivalent, MySQL alert/log outputs defined.
> >
> > Luck,
> > --aj
> >
> > A. J. Wright -- <ajw@utk.edu>
> > Senior Security Analyst, Information Security Office
> > University of Tennessee, Knoxville
> >
> > On Apr 10, 2006, at 9:17 AM, devork wrote:
> >
> > > I have mysql database set as output plugin in snort.conf
> > > configuration file.
> > > but when any alert is generated it gives following error.
> > >
> > > --------------------- ------------
> > > SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES ('2',
> > > '135', '548', ' 2006-04-10 12:37:51.284+005')
> > > database: mysql_error: Duplicate entry '2' for key 1
> > > SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES ('2',
> > > '136', '548', ' 2006-04-10 12:37:51.284+005')
> > > database: mysql_error: Duplicate entry '2' for key 1
> > > SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES ('2',
> > > '137', '548', ' 2006-04-10 12:37:51.284+005')
> > > database: mysql_error: Duplicate entry '2' for key 1
> > > --------------------- ------------
> > > #mysql -V
> > > mysql Ver 14.7 Distrib 4.1.14, for pc-linux-gnu (i686) using
> > > readline 4.3
> > >
> > > regards,
> > > dvk
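The two causes suggested in the thread (more than one snort process on the same interface, and duplicate database outputs in snort.conf) can be checked with a short script. This is an added example, not part of the original posts; the function names and the sample process list and configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not taken from the thread.

# Count snort processes bound to one interface.
# stdin: lines of "PID COMMAND ARGS...", e.g. from `ps -eo pid,args`.
count_snort_on_iface() {
    awk -v ifc="$1" '
        {
            n = split($2, p, "/")            # basename of the command
            if (p[n] != "snort") next        # skips "fgrep snort" and the like
            for (i = 3; i < NF; i++)
                if ($i == "-i" && $(i + 1) == ifc) { c++; break }
        }
        END { print c + 0 }'
}

# Count active (uncommented) "output database:" lines for one DB type.
# stdin: contents of snort.conf.
count_db_outputs() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        $1 == "output" && $2 == "database:" {
            db = $4; sub(/,$/, "", db)       # "mysql," -> "mysql"
            if (db == want) c++
        }
        END { print c + 0 }'
}

sample_ps() {
cat <<'EOF'
 2211 /usr/sbin/snort -D -i eth0 -c /etc/snort/snort.conf
 2987 snort -i eth0 -c /etc/snort/snort.conf
 3010 fgrep snort
 3054 /usr/sbin/snort -D -i eth1 -c /etc/snort/snort.conf
EOF
}

sample_conf() {
cat <<'EOF'
# output database: log, mysql, user=old dbname=old host=localhost
output database: log, mysql, user=snort password=EXAMPLE dbname=snort host=localhost
output database: alert, mysql, user=snort password=EXAMPLE dbname=snort host=localhost
output database: log, postgresql, user=snort dbname=snort
EOF
}

echo "snort on eth0: $(sample_ps | count_snort_on_iface eth0)"
echo "mysql outputs: $(sample_conf | count_db_outputs mysql)"
```

On a live sensor, pipe `ps -eo pid,args` into `count_snort_on_iface eth0` and the snort.conf file into `count_db_outputs mysql`; a count above 1 from either corresponds to one of the causes named in the thread.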