[Snort-users] database output for multiple snort sensors?

Vincent Chen vcba79 at ...6112...
Fri Aug 16 14:32:26 EDT 2002


Hi, all

I have a gateway which run 3 snort instances for different subnet.
Recently, I got more and more messages like this:

* database: postgresql_error: ERROR: Cannot insert a duplicate key into
unique index sig_reference_pkey
* database: warning (SELECT sig_id FROM signature WHERE sig_name =
'WEB-IIS CodeRed v2 root.exe access' AND sig_rev = 7 AND sig_sid = 1256
) returned more than one result

Every sensor log output to the same database 'ids' but has different
sensor name configured.
Is it ok to let multiple sensors share the same database? Should I
create 3 database for
each sensors?


Thanks,







More information about the Snort-users mailing list