After some testing, I decided to put Ari's snort/acid contrib on our main
server and I am happy with the information that is provided (and I am still
learning to better analyse the information and to understand its usage).

Although it seems to be running and updating/counting new alerts, there are
many messages in the system log like:

May  8 02:42:14 tga1 snort-mysql: database: mysql_error: Duplicate entry
'1-705' for key 1 SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES
('1', '705', '1', '2002-05-08 02:42:13+12')
May  8 02:42:14 tga1 snort-mysql: database: mysql_error: Duplicate entry
'1-705' for key 1 SQL=INSERT INTO tcphdr (sid, cid, tcp_sport, tcp_dport,
tcp_seq, tcp_ack, tcp_off, tcp_res, tcp_flags, tcp_win, tcp_csum, tcp_urp)
VALUES
('1','705','3356','80','2799049815','3843409774','5','0','24','17520','32423
','0')
May  8 02:42:14 tga1 snort-mysql: database: mysql_error: Duplicate entry
'1-705' for key 1 SQL=INSERT INTO iphdr (sid, cid, ip_src, ip_dst,
ip_ver,ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off,ip_ttl, ip_proto,
ip_csum) VALUES
('1','705','3530685798','3232236026','4','5','0','112','57427','0','0','112'
,'6','38841')
May  8 02:42:14 tga1 snort-mysql: database: mysql_error: Duplicate entry
'1-705' for key 1 SQL=INSERT INTO data (sid,cid,data_payload) VALUES
('1','705','474554202F736372697074732F726F6F742E6578653F2F632B64697220485454
502F312E300D0A486F73743A207777770D0A436F6E6E6E656374696F6E3A20636C6F73650D0A
0D0A')
May  8 02:42:15 tga1 snort-mysql: database: mysql_error: Duplicate entry
'1-706' for key 1 SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES
('1', '706', '2', '2002-05-08 02:42:15+12')
May  8 02:42:15 tga1 snort-mysql: database: mysql_error: Duplicate entry
'1-706' for key 1 SQL=INSERT INTO tcphdr (sid, cid, tcp_sport, tcp_dport,
tcp_seq, tcp_ack, tcp_off, tcp_res, tcp_flags, tcp_win, tcp_csum, tcp_urp)
VALUES
('1','706','3487','80','2805549709','3832388044','5','0','24','17520','18079
','0')
May  8 02:42:15 tga1 snort-mysql: database: mysql_error: Duplicate entry
'1-706' for key 1 SQL=INSERT INTO iphdr (sid, cid, ip_src, ip_dst,
ip_ver,ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off,ip_ttl, ip_proto,
ip_csum) VALUES
('1','706','3530685798','3232236026','4','5','0','120','57733','0','0','112'
,'6','38527')

Has anyone else seen those in their logs?

Regards,
Michael Doerner


--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
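Added example (not part of the post or of the snort/acid contrib): a small Python triage script for syslog lines of the shape quoted above. Every Snort table is keyed on the (sid, cid) pair, so each "Duplicate entry '1-705'" message means one row of a single alert was rejected; a duplicate on the `event` table itself means the sensor handed out an event id that the database already holds. The script re-joins mail-wrapped continuation lines, groups the rejected INSERTs per (sid, cid), and decodes the iphdr addresses and data payload so the administrator can see which alert was dropped. The log sample is constructed for this example (hostname, ids, addresses and payload are made up); the suggestion in the comments about a stale sensor cid counter is my assumption, not something the post establishes.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample in the shape of the syslog lines quoted in the post.
# Hostname, sid/cid, addresses and payload are made up; the lines are wrapped
# the way a mail client wraps them, which the parser has to undo.
SAMPLE_LOG = """\
May  8 02:42:14 sensor1 snort-mysql: database: mysql_error: Duplicate entry
'1-705' for key 1 SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES
('1', '705', '1', '2002-05-08 02:42:13+12')
May  8 02:42:14 sensor1 snort-mysql: database: mysql_error: Duplicate entry
'1-705' for key 1 SQL=INSERT INTO iphdr (sid, cid, ip_src, ip_dst,
ip_ver,ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off,ip_ttl, ip_proto,
ip_csum) VALUES
('1','705','167772161','3232236026','4','5','0','112','57427','0','0','112'
,'6','38841')
May  8 02:42:14 sensor1 snort-mysql: database: mysql_error: Duplicate entry
'1-705' for key 1 SQL=INSERT INTO data (sid,cid,data_payload) VALUES
('1','705','474554202F20485454502F312E300D0A0D0A')
May  8 02:42:15 sensor1 snort-mysql: database: mysql_error: Duplicate entry
'1-706' for key 1 SQL=INSERT INTO event (sid,cid,signature,timestamp) VALUES
('1', '706', '2', '2002-05-08 02:42:15+12')
May  8 02:42:16 sensor1 snort-mysql: database: Connected to database 'snort'
"""

# A syslog record starts with "Mon dd hh:mm:ss "; anything else is a wrapped continuation.
TS_RE = re.compile(r"^[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d ")

DUP_RE = re.compile(
    r"mysql_error: Duplicate entry '(?P<sid>\d+)-(?P<cid>\d+)' for key \d+ "
    r"SQL=INSERT INTO (?P<table>\w+) \((?P<cols>[^)]*)\) VALUES \((?P<vals>.*)\)$"
)


def unwrap(text):
    """Join mail-wrapped continuation lines back onto the syslog record they belong to."""
    records = []
    for line in text.splitlines():
        if TS_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse_duplicate_errors(text):
    """Return one dict per rejected INSERT: sid, cid, table and the column->value row."""
    out = []
    for rec in unwrap(text):
        m = DUP_RE.search(rec)
        if not m:
            continue  # not a duplicate-key error (e.g. the "Connected to database" line)
        cols = [c.strip() for c in m.group("cols").split(",")]
        # Values are single-quoted; strip quotes and any whitespace the wrapping introduced.
        vals = [v.strip().strip("'").strip() for v in m.group("vals").split(",")]
        out.append({"sid": int(m.group("sid")), "cid": int(m.group("cid")),
                    "table": m.group("table"), "row": dict(zip(cols, vals))})
    return out


def summarize(records):
    """Map each (sid, cid) to the sorted list of tables whose INSERT was rejected."""
    by_event = defaultdict(set)
    for r in records:
        by_event[(r["sid"], r["cid"])].add(r["table"])
    return {k: sorted(v) for k, v in by_event.items()}


def reissued_event_ids(records):
    """(sid, cid) pairs whose 'event' row itself collided: the sensor reused an id the
    database already holds.  Assumption: this usually points at a sensor cid counter
    that fell behind the events already stored (e.g. after an unclean shutdown)."""
    return sorted(k for k, tables in summarize(records).items() if "event" in tables)


def describe_event(records, sid, cid):
    """Decode what the dropped alert would have recorded: addresses, protocol, payload."""
    info = {"sid": sid, "cid": cid}
    for r in records:
        if (r["sid"], r["cid"]) != (sid, cid):
            continue
        row = r["row"]
        if r["table"] == "iphdr":
            # Snort stores addresses as unsigned 32-bit integers in host order.
            info["src"] = str(ipaddress.IPv4Address(int(row["ip_src"])))
            info["dst"] = str(ipaddress.IPv4Address(int(row["ip_dst"])))
            info["proto"] = int(row["ip_proto"])
        elif r["table"] == "event":
            info["signature"] = int(row["signature"])
            info["timestamp"] = row["timestamp"]
        elif r["table"] == "data":
            info["payload"] = bytes.fromhex(row["data_payload"].replace(" ", "")).decode("latin-1")
    return info


if __name__ == "__main__":
    recs = parse_duplicate_errors(SAMPLE_LOG)
    for key, tables in summarize(recs).items():
        print(f"sid/cid {key}: rejected rows for {', '.join(tables)}")
    for sid, cid in reissued_event_ids(recs):
        print("dropped alert:", describe_event(recs, sid, cid))
```

Run it against `/var/log/messages` (or wherever snort-mysql logs) instead of the constructed sample by passing the file contents to `parse_duplicate_errors`; a steadily growing list from `reissued_event_ids` means alerts are being lost rather than merely logged twice.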