падает barnyard2
смотрим логи… видим…
вырос дубль… при этом barnyard2 уходит в down
бежим на оф.сайт и забираем последнию версию.
чистим таблицу с sig_reference
заново включаем/если выключали
root@suricata:~# cat syslog
Aug 23 10:35:17 suricata barnyard2: #012#012+[ Signature Suppress list ]+#012----------------------------
Aug 23 10:35:17 suricata barnyard2: +[No entry in Signature Suppress List]+
Aug 23 10:35:17 suricata barnyard2: ----------------------------#012+[ Signature Suppress list ]+#012
Aug 23 10:35:19 suricata barnyard2: Barnyard2 spooler: Event cache size set to [2048]
Aug 23 10:35:19 suricata barnyard2: Log directory = /var/log/suricata
Aug 23 10:35:19 suricata barnyard2: INFO database: Defaulting Reconnect/Transaction Error limit to 10
Aug 23 10:35:19 suricata barnyard2: INFO database: Defaulting Reconnect sleep time to 5 second
Aug 23 10:35:19 suricata barnyard2: DEBUG => [Alert_FWsam](AlertFWsamSetup) Using alternative file: /usr/local/etc/sid-fwsam.map
Aug 23 10:35:19 suricata barnyard2: INFO => [Alert_FWsam](AlertFWsamSetup) Using sid-map file: /usr/local/etc/sid-fwsam.map
Aug 23 10:35:19 suricata barnyard2: INFO => [Alert_FWsam](FWsamCheckIn) Connected to host .
Aug 23 10:35:19 suricata barnyard2: Initializing daemon mode
Aug 23 10:35:19 suricata barnyard2: Daemon initialized, signaled parent pid: 5471
Aug 23 10:35:19 suricata barnyard2: PID path stat checked out ok, PID path set to /var/run/
Aug 23 10:35:19 suricata barnyard2: Daemon parent exiting
Aug 23 10:35:19 suricata barnyard2: Writing PID "5481" to file "/var/run//barnyard2_p4p1.pid"
............ skip ..........
Aug 23 10:35:25 suricata barnyard2: Node unique name is: suricata:p4p1#012
Aug 23 10:35:36 suricata barnyard2: FATAL ERROR: database mysql_error: Duplicate entry '3927-1' for key 'PRIMARY'#012#011SQL=[INSERT INTO sig_reference (ref_id,sig_id,ref_seq) VALUES ('2626','3927','1');]
вырос дубль… при этом barnyard2 уходит в down
бежим на оф.сайт и забираем последнию версию.
чистим таблицу с sig_reference
DELETE FROM sig_reference;
заново включаем/если выключали
output database: log, mysql, user=snorby password=pwd dbname=snorby host=localhost