Re: [Sguil-users] is this a barnyard2 error or a sguil error
Status: Beta
Brought to you by:
bamm
Menu
▾
▴
Re: [Sguil-users] is this a barnyard2 error or a sguil error
|
From: C. L. M. <car...@gm...> - 2014-11-04 15:47:22
|
Ok, perfect. Doing this: SET GLOBAL sql_mode=""; SELECT @@GLOBAL.sql_mode; it seems, it is working now ... Many thanks Brad. On Tue, Nov 4, 2014 at 2:36 PM, Voth, Brad (GE Corporate) <Bra...@ge...> wrote: > There¹s a mysql setting to allow truncation by default: > > http://stackoverflow.com/questions/18459184/mysql-too-long-varchar-truncati > on-error-setting > > On 11/4/14, 9:24 AM, "C. L. Martinez" <car...@gm...> wrote: > >>Many thanks Paul !!. >> >>On Tue, Nov 4, 2014 at 2:16 PM, Paul Halliday <pau...@gm...> >>wrote: >>> Newer versions of MySQL treat what used to be a warning as an error. In >>>this >>> case you are trying to cram 22 characters into a VARCHAR(20) which is >>>the >>> type for the class column. Unfortunately I don't think it's as easy as >>>just >>> altering the event table because of the way sguild creates the merge >>>tables. >>> I worked around this somehow but I can't remember what I did :) Give me >>>a >>> few minutes. >>> >>> On Tue, Nov 4, 2014 at 10:06 AM, C. L. Martinez <car...@gm...> >>> wrote: >>>> >>>> Hi all, >>>> >>>> Today, I have updated a CentOS 6.6 host with Sguil 0.9.0 (previously >>>> CentOS 6.5 + sguil 0.8.0 was installed) and after that, barnyard2 >>>> process dies with errors similar to these: >>>> >>>> Nov 4 12:14:45 plzfsiem04 SGUILD: DB Error during:#012INSERT INTO >>>> `event_idpsuricata01_20141104` (sid, cid, unified_event_id, >>>> unified_event_ref, unified_ref_time, signature, signature_gen, >>>> signature_id, signature_rev, timestamp, priority, class, status, >>>> src_ip, dst_ip, ip_proto, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, >>>> ip_flags, ip_off, ip_ttl, ip_csum, src_port, dst_port) VALUES ('1', >>>> '57', '1', '1', '2014-11-04 12:14:43', 'ET WEB_SERVER PHP Possible >>>> https Local File Inclusion Attempt', '1', '2012998', '4', >>>> '2014-11-04 12:14:43', '1', 'web-application-attack', '0', >>>> '180650526', '180617231', '6', '4', '5', '0', '944', '0', >>>> '0', '0', '0', '8084', '4971', '80')#012: mysqlexec/db server: Data >>>> too long for column 'class' at row 1 >>>> Nov 4 12:14:45 plzfsiem04 SGUILD: ERROR: While inserting event info: >>>> mysqlexec/db server: Data too long for column 'class' at row 1 >>>> Nov 4 12:36:24 plzfsiem04 SGUILD: DB Error during:#012INSERT INTO >>>> `event_idpsuricata01_20141104` (sid, cid, unified_event_id, >>>> unified_event_ref, unified_ref_time, signature, signature_gen, >>>> signature_id, signature_rev, timestamp, priority, class, status, >>>> src_ip, dst_ip, ip_proto, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, >>>> ip_flags, ip_off, ip_ttl, ip_csum, src_port, dst_port) VALUES ('1', >>>> '57', '1', '1', '2014-11-04 12:14:43', 'ET WEB_SERVER PHP Possible >>>> https Local File Inclusion Attempt', '1', '2012998', '4', >>>> '2014-11-04 12:14:43', '1', 'web-application-attack', '0', >>>> '180650526', '180617231', '6', '4', '5', '0', '944', '0', >>>> '0', '0', '0', '8084', '4971', '80')#012: mysqlexec/db server: Data >>>> too long for column 'class' at row 1 >>>> >>>> Is this a sguil error or a barnyard2 error?? Using same barnyard2 >>>> version with sguil 0.8.0, I don't see these errors before ... >>>> >>>> Thanks. >>>> >>>> >>>> >>>>------------------------------------------------------------------------ >>>>------ >>>> _______________________________________________ >>>> Sguil-users mailing list >>>> Sgu...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sguil-users >>> >>> >>> >>> >>> -- >>> Paul Halliday >>> http://www.pintumbler.org/ >>> >>> >>>------------------------------------------------------------------------- >>>----- >>> >>> _______________________________________________ >>> Sguil-users mailing list >>> Sgu...@li... >>> https://lists.sourceforge.net/lists/listinfo/sguil-users >>> >> >>-------------------------------------------------------------------------- >>---- >>_______________________________________________ >>Sguil-users mailing list >>Sgu...@li... >>https://lists.sourceforge.net/lists/listinfo/sguil-users > > > ------------------------------------------------------------------------------ > _______________________________________________ > Sguil-users mailing list > Sgu...@li... > https://lists.sourceforge.net/lists/listinfo/sguil-users |