[Snort-devel] ACID archive problem: "Ignored XXX Duplicate Events" on archive
Michael.Cloppert at ...1554...
Thu Aug 29 17:29:02 EDT 2002
I'm not sure if this is the correct forum for this sort of thing, but I've
tried the snort-users list and gotten virtually no feedback. This is a VERY
big problem given the way our company has decided our IDS deployment is
going to work, so I am in dire need of some help before management decides
it's not worth the problems and ditches our Snort pilot project.

When I select "Archive Events (move)" or "Archive Events (copy)", ACID
returns "Ignored XXX Duplicate Events", where XXX=<number of events selected
for archival>. These events *do not* already exist in the archive database,
and I *do* have acid_conf.php configured properly to archive to
"snort_archive" as opposed to the default database "snort". I've put ACID
in debug mode, and I don't see any discernable errors. I ran

    echo "show table status;" |mysql -u root -p snort

to see what my database tables looked like, but to be honest with you I
don't really know what I'm looking at. The only thing I noticed that
*might* be a problem was that "Data_Free" for "acid_ag_alert" was 0. Like I
said, I really don't know what most of that means, however.

I did some googling (of course) and found one or two other people with this
problem, but no resolutions. If anyone can point me in the right direction,
I would be GREATLY appreciative.

Thanks in advance,