Package: snort-pgsql
Version: 2.3.2-3
Severity: normal

There are a lot of 

Aug  2 19:47:45 polaris snort: database: warning (SELECT sig_id   FROM 
signature  WHERE sig_name = 'ICMP Destination Unreachable Communication with 
Destination Host is Administratively Prohibited'    AND sig_rev = 4    AND 
sig_sid = 486 ) returned more than one result
Aug  2 19:47:45 polaris snort: database: warning (SELECT sig_id   FROM 
signature  WHERE sig_name = 'ICMP Destination Unreachable Communication with 
Destination Host is Administratively Prohibited'    AND sig_rev = 4    AND 
sig_sid = 486 ) returned more than one result
Aug  2 19:47:45 polaris snort: database: Problem inserting a new signature 
'ICMP Destination Unreachable Communication with Destination Host is 
Administratively Prohibited'

types of messages. Resetting the database does not help since these start appearing anyway.
It is almost like snort is not using transactions when inserting new data, which *will* cause all sorts of problems like this.

This problem can be fixed in the database schema itself instead of making snort use transactions (if it is not using them already!). That is, adding foreign keys on the appropriate records such that the errors "returned more than one result" would not happen.

- Adam


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages snort-pgsql depends on:
ii  adduser                    3.63          Add and remove users and groups
ii  debconf                    1.4.30.13     Debian configuration management sy
ii  libc6                      2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libpcap0.8                 0.8.3-5       System interface for user-level pa
ii  libpcre3                   4.5-1.2       Perl 5 Compatible Regular Expressi
ii  libpq3                     7.4.7-6sarge1 PostgreSQL C client library
ii  logrotate                  3.7-5         Log rotation utility
ii  snort-common               2.3.2-3       Flexible Network Intrusion Detecti
ii  snort-rules-default        2.3.2-3       Flexible Network Intrusion Detecti
ii  sysklogd [system-log-daemo 1.4.1-17      System Logging Daemon

-- debconf information:
* snort-pgsql/db_database: snort
* snort-pgsql/db_user: snort
* snort-pgsql/db_host: localhost
* snort-pgsql/stats_treshold: 1
* snort-pgsql/options:
* snort-pgsql/address_range: 
'external1'/32,'external2'/32,10.0.0.0/8,192.168.53.0/24
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- "hidden" :)
* snort-pgsql/stats_rcpt: root
* snort-pgsql/disable_promiscuous: true
  snort-pgsql/please_restart_manually:
* snort-pgsql/startup: boot
  snort-pgsql/config_parameters:
* snort-pgsql/wait_for_db_config:
* snort-pgsql/reverse_order: false
* snort-pgsql/interface: ppp0 ppp1 eth2 eth1
* snort-pgsql/configure_db: true
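
Added example, not part of the original report and not Snort's own code: a reproduction of the check-then-insert pattern visible in the logged query, with two writers interleaved so that both look up the signature before either inserts it. It assumes a minimal `signature` table built from the column names in the log, uses an in-memory SQLite database as a stand-in for PostgreSQL, and uses a UNIQUE constraint on the triple as the schema-level guard (an assumption of this example, not the foreign keys the report proposes).

```python
import sqlite3

# Constructed sample: the signature triple taken from the log lines in the report.
SIG = ("ICMP Destination Unreachable Communication with "
       "Destination Host is Administratively Prohibited", 4, 486)

LOOKUP = ("SELECT sig_id FROM signature "
          "WHERE sig_name = ? AND sig_rev = ? AND sig_sid = ?")
INSERT = "INSERT INTO signature (sig_name, sig_rev, sig_sid) VALUES (?, ?, ?)"


def make_db(unique):
    """Create a minimal signature table (assumed layout), optionally with a UNIQUE key."""
    db = sqlite3.connect(":memory:")
    constraint = ", UNIQUE (sig_name, sig_rev, sig_sid)" if unique else ""
    db.execute("CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, "
               "sig_name TEXT NOT NULL, sig_rev INTEGER, sig_sid INTEGER"
               + constraint + ")")
    return db


def interleaved_writers(db):
    """Two writers both run the lookup before either inserts (check-then-insert race)."""
    seen_a = db.execute(LOOKUP, SIG).fetchall()   # writer A: no row yet
    seen_b = db.execute(LOOKUP, SIG).fetchall()   # writer B: no row yet
    rejected = 0
    for seen in (seen_a, seen_b):
        if not seen:
            try:
                db.execute(INSERT, SIG)
            except sqlite3.IntegrityError:
                rejected += 1                     # the schema refused the duplicate
    rows = db.execute(LOOKUP, SIG).fetchall()
    return len(rows), rejected


def find_duplicates(db):
    """Audit query: signature triples stored more than once."""
    return db.execute("SELECT sig_name, sig_rev, sig_sid, COUNT(*) FROM signature "
                      "GROUP BY sig_name, sig_rev, sig_sid HAVING COUNT(*) > 1").fetchall()


if __name__ == "__main__":
    for unique in (False, True):
        db = make_db(unique)
        print("unique" if unique else "plain", interleaved_writers(db), find_duplicates(db))
```

Without the constraint the lookup afterwards returns two rows, which is the condition the "returned more than one result" warning reports; the `find_duplicates` query can be run against an existing alert database to list affected signatures.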

