> To: sguil-users@lists.sourceforge.net
> Date: Wed, 2 Jul 2014 08:26:53 -0600
> From: jlay@slave-tothe-box.net
> Subject: Re: [Sguil-users] 0.9.0 upgrade died
>
> On 2014-07-02 08:23, James Lay wrote:
> > On 2014-07-02 08:19, Y M wrote:
> >> James,
> >>
> >> Can you verify if the table actually exists?
> >>
> >> Login to MySQL:
> >> mysql -u <user> -p
> >>
> >> Once in, go with:
> >> USE sguildb;
> >>
> >> Then:
> >> SHOW TABLES;
> >>
> >> and verify if the table exists. If the table exists, then make a
> >> backup of it or the database (just in case), and then try repairing
> >> the table with:
> >>
> >> REPAIR TABLE <table_name>;
> >>
> >> This may (or may not) help you resolve the issue. Thanks.
> >>
> >> YM
> >>
> >>> To: sguil-users@lists.sourceforge.net
> >>> Date: Wed, 2 Jul 2014 08:02:25 -0600
> >>> From: jlay@slave-tothe-box.net
> >>> Subject: [Sguil-users] 0.9.0 upgrade died
> >>>
> >>> Topic says it... I'm unable to restart sguild at this point in time:
> >>>
> >>> Starting with:
> >>>
> >>> sudo /opt/bin/sguil/sguild -c /opt/etc/snort/sguild/sguild.conf -C
> >>> /opt/etc/snort/sguild/certs -a /opt/etc/snort/sguild/autocat.conf
> >>> -g /opt/etc/snort/sguild/sguild.queries -A
> >>> /opt/etc/snort/sguild/sguild.access
> >>>
> >>> mysqlexec/db server: Table 'sguildb.event_External_20140702' doesn't
> >>> exist
> >>> while executing
> >>> "mysqlexec $MAIN_DB_SOCKETID $updateString"
> >>> (procedure "UpdateDBStatus" line 11)
> >>> invoked from within
> >>> "UpdateDBStatus [lindex $data 3] [lindex $data 4] [lindex $data 5]
> >>> [lindex $data 6] [GetCurrentTimeStamp] $AUTOID $acCat($rid)"
> >>> (procedure "AutoCat" line 43)
> >>> invoked from within
> >>> "AutoCat $row"
> >>> ("foreach" body line 6)
> >>> invoked from within
> >>> "foreach row [mysqlsel $MAIN_DB_SOCKETID $tmpQry -list] {
> >>>
> >>> InfoMessage "Archived Alert: $row"
> >>> set LAST_EVENT_ID([lindex $row 3]) "[li..."
> >>> invoked from within
> >>> "if { $mergeTableListArray(event) != "" } {
> >>>
> >>> # Get the archived alerts
> >>> LogMessage "Querying DB for archived events..."
> >>> set MAJOR_MYSQL_VERS..."
> >>> (file "/opt/bin/sguil/sguild" line 734)
> >>>
> >>>
> >>> I have no clue on how to proceed besides blowing out the current
> >>> database, which I really don't want to have to do... please help.
> >>> Thank you.
> >>>
> >>> James
> >
> > Yea it doesn't... it's like sguil never created it :( Thanks YM.
> >
> > James
> >
>
> I initially got this yesterday:
>
> barnyard2[28950]: FATAL ERROR: sguil: Expected Confirm 155843 and got:
> Failed to insert 155843: mysqlexec/db server: Duplicate entry 4-155843
> for key PRIMARY#012
>
> And since then no good.

James, is your barnyard2 feeding two databases: the one that comes with Barnyard2, as well as the one with the Sguil server?

I have seen this error with the schema/database that comes with Barnyard2 (usually the sig_reference table), but have never seen it on the Sguil database.

YM

> James