Re: Barnyard2 problems with reputation preproc rules

[beenph <beenph () gmail com>]

On Sun, Feb 2, 2014 at 8:29 AM, Dave Corsello
<snort-users () wintertreemedia com> wrote:
> No, sorry, I forgot to include version info.  I've been on by2 version
> 2.1.13 build 327 and snort 2.9.5.5 for months.  All snort tables are
> InnoDB; all acid tables are MyISAM.  None of this has changed.  The only
> thing that's changed that I can see is the number of blacklist IP's, but
> that changes almost daily.  i suppose I could try deleting signature
> 16501, but it's linked to thousands of events.
Yup, but you also have been having SQL issues a different level, Which
version of MySQL are you using again?

the multiple issue you have been having with sql could mean that in
the past you have converted using ALTER TABLE,
rather than create the database based on innodb storage engine.

I looked back to previous thread you had written on the by2 mailing list
 and can't find info on your mysql version.

I would be interesting to see the result of the following query.

SELECT * FROM signature WHERE sig_id IN (16501,17372)

-elz

------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable 
security intelligence. It gives you real-time visual feedback on key
security issues and trends.  Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!