Hosting Provided By

[Snort-devel] Bug? Problem inserting a new signature

From: Piotr Woliñski <pwolinski(at)dfqs.pl>
Date: Thu Apr 08 2004 - 05:05:23 EDT

snort-2.1.0 (running 2 instances, listening on 2 interfaces) acid-0.9.6b23
postgresql 7.4.2

I see somethig strange in logs:

warning (SELECT sig_id FROM signature WHERE sig_name = 'ICMP PING NMAP' AND sig_rev = 1 AND sig_sid = 469 ) returned more than one result
warning (SELECT sig_id FROM signature WHERE sig_name = 'ICMP PING NMAP' AND sig_rev = 1 AND sig_sid = 469 ) returned more than one result
Problem inserting a new signature 'ICMP PING NMAP' warning (SELECT ref_id FROM reference WHERE ref_system_id = 3 AND ref_tag = '162') returned more than one result warning (SELECT ref_id FROM reference WHERE ref_system_id = 3 AND ref_tag = '162') returned more than one result Unable to insert the alert reference into the DB postgresql_error: ERROR: duplicate key violates unique constraint "sig_reference_pkey"
postgresql_error: ERROR: current transaction is aborted, commands ignored until end of transaction block

I do some investigation in psql:

snort=# select sig_name, count(*) as a from signature snort-# group by sig_name having count(*)>1;

sig_name | a

-----------------------------------+---
  ICMP PING NMAP                    | 3
  SHELLCODE x86 NOOP                | 2

WEB-MISC http directory traversal | 2

I supose multiple sig_name is not allowed. I try to fix it, but i can't see any foreign keys... I don't want to break something.
Could you help me?

BTW. Why db doesn't have some unique constransts and foreing key? Is it problem with poor performance?

Do you need help?

How to avoid these problems in future?
Greetings

-- 
_____________________________________________________
Piotr Woliñski                       Dom Finansowy QS



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.
http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Received on Thu Apr 8 04:54:07 2004

This message: [ Message body ]
Next message: SourceForge.net: "[Snort-devel] [ snort-Support Requests-931427 ] snort-postgresql dependencies in Fedora-1"
Previous message: Marc Norton: "RE: [Snort-devel] Snort Pattern Search Algorithms"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:10 EDT