[Snort-users] please help - ACID: "Ignored XXX duplicate events" on archive

Cloppert, Michael Michael.Cloppert at ...5884...
Tue Aug 20 06:42:02 EDT 2002


I'm having a problem with ACID's "Archive Alerts (move)" and "Archive Alerts
(copy)".  All events I try to archive give the error "Ignored XXX duplicate
events".  These are not duplicate events - I even verify this by running my
version of ACID that queries the snort-archive database and I can't find the
alerts.  As a matter of fact, this action hasn't been successful for more
than 2 weeks now.  I have no idea what I may have changed to cause this
problem.

I'm running Snort 1.8.7 on RHL7.3, latest version of ACID, mysql, etc...

This is a HUGE problem for us, as we rely heavily on ACID's archiving
ability for maintenance.  Any help would be appreciated.

Mike




More information about the Snort-users mailing list