[Snort-devel] last_cid in new database scheme v106

Dirk Geschke dirk at ...972...
Tue Sep 10 11:32:02 EDT 2002

Hi all,

I understand the problem if you move the last entry of the database to
an archive database. After this is done there exists the possibility to
have a new database record with the same cid.

Therefore the last_cid was introduced to have one increasing value which
can't be used twice. This value is added to the sensor table.

But with this solution you have to increase this value whith each new
entry in the database. This is one additional entry with each call of

Wouldn't it be much smarter to take care of not to (re-)move the last
cid of the database? 

Additionally as last mentioned it would be much faster if we can trust
that each rule set is already part of the database. This would remove
a lot of query/insert statements and should result in a much faster
database logging.

Best regards


| Dr. Dirk Geschke            | E-mail: geschke at ...802...     |
| Gesellschaft fuer Netzwerk  | Tel.  : +49-(0)-89-991950-31 |
| und Unix Administration mbH | Fax   : +49-(0)-89-991950-99 |
| 85551 Kirchheim / Germany   | Raeter Stra/3e 26            |

More information about the Snort-devel mailing list