Snort mailing list archives

Re: Barnyard issue: Multiple entries in database for a single signature.


From: fatema bannatwala <fatema.bannatwala () gmail com>
Date: Tue, 17 Jan 2017 18:05:08 -0500

Haven't got any updates on this yet.
Has the project stopped being maintained, or are there alternatives to
barnyard that I am not aware of?

Appreciate the help.

Thanks,
Fatema.

On Tue, Jan 10, 2017 at 9:59 AM, fatema bannatwala <
fatema.bannatwala () gmail com> wrote:

Also, I am running barnyard2-1.9 version.
Is barnyard2-1.14 a stable version that can be used in production?

Thanks,
Fatema.

On Tue, Jan 10, 2017 at 8:27 AM, fatema bannatwala <
fatema.bannatwala () gmail com> wrote:

Hi all,

So as the subject of this message says, there are multiple entries for
some rules getting created in the snort sql database, that is resulting in
alerts not getting logged into the database, maybe because of some
race-condition.

Hence, is there any fix/patch for this kind of situation? Or is anyone else
experiencing the same?

For ex:

snort=> SELECT * FROM signature WHERE sig_sid = 40782;
 sig_id  |                            sig_name                            | sig_class_id | sig_priority | sig_rev | sig_sid | sig_gid
---------+----------------------------------------------------------------+--------------+--------------+---------+---------+---------
 1561695 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
 1561696 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
 1561700 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
 1561701 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
 1561704 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
 1561697 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
 1561702 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1
 1561703 | BLACKLIST User-Agent known malicious user-agent string - Venik |            1 |            1 |       1 |   40782 |       1


Any help would be appreciated.

Thanks,
Fatema.
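
An added example, not part of the original messages: a query that lists every rule stored more than once in the signature table and how many events point at its copies. It runs against a constructed in-memory SQLite database so it works offline; the event table and its "signature" column referencing signature.sig_id are assumptions about the schema, and sig_id 1500000 / sig_sid 99999 are constructed values.

```python
import sqlite3

# Constructed minimal schema: the signature columns are those shown in the
# psql output above; the event table and its "signature" column (pointing at
# signature.sig_id) are an assumption about the database layout.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT,
    sig_class_id INT, sig_priority INT, sig_rev INT, sig_sid INT, sig_gid INT);
CREATE TABLE event (sid INT, cid INT, signature INT, PRIMARY KEY (sid, cid));
"""

# One group per logical rule (gid, sid, rev). More than one sig_id in a group
# means the same rule was inserted several times.
DUPLICATES_SQL = """
SELECT s.sig_gid, s.sig_sid, s.sig_rev,
       COUNT(DISTINCT s.sig_id) AS copies,
       MIN(s.sig_id)            AS lowest_sig_id,
       COUNT(e.cid)             AS events
FROM signature s
LEFT JOIN event e ON e.signature = s.sig_id
GROUP BY s.sig_gid, s.sig_sid, s.sig_rev
HAVING COUNT(DISTINCT s.sig_id) > 1
ORDER BY copies DESC;
"""

def find_duplicate_signatures(conn):
    """Return (gid, sid, rev, copies, lowest_sig_id, events) per duplicated rule."""
    return conn.execute(DUPLICATES_SQL).fetchall()

def build_sample_db():
    """Build the constructed sample: the eight rows from the post plus one unique rule."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    name = "BLACKLIST User-Agent known malicious user-agent string - Venik"
    dup_ids = [1561695, 1561696, 1561700, 1561701,
               1561704, 1561697, 1561702, 1561703]
    rows = [(i, name, 1, 1, 1, 40782, 1) for i in dup_ids]
    rows.append((1500000, "constructed unique rule", 1, 2, 3, 99999, 1))
    conn.executemany("INSERT INTO signature VALUES (?,?,?,?,?,?,?)", rows)
    # Constructed events: three reference duplicate rows, one the unique rule.
    conn.executemany("INSERT INTO event VALUES (?,?,?)",
                     [(1, 1, 1561695), (1, 2, 1561700),
                      (1, 3, 1561700), (1, 4, 1500000)])
    return conn

if __name__ == "__main__":
    for row in find_duplicate_signatures(build_sample_db()):
        print(row)
```

The SELECT uses only standard SQL, so the same statement can be pasted at the snort=> prompt if the real event table matches the assumed column names.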


