[Snort-users] please help - ACID: "Ignored XXX duplicate events" on archive
menassee at ...131...
Wed Aug 21 13:30:02 EDT 2002
Maybe a trivial suggestion, but did you verify that in
your acid_conf file you have $archive_dbname pointing
to a different database? I inadvertantly had it
pointing to the same db and was getting the same
messages you are.
$alert_dbname = "snort";
$archive_dbname = "archive";
- E -
> "Cloppert, Michael" wrote:
> > I'm having a problem with ACID's "Archive Alerts
> (move)" and "Archive Alerts
> > (copy)". All events I try to archive give the
> error "Ignored XXX duplicate
> > events". These are not duplicate events - I even
> verify this by running my
> > version of ACID that queries the snort-archive
> database and I can't find the
> > alerts. As a matter of fact, this action hasn't
> been successful for more
> > than 2 weeks now. I have no idea what I may have
> changed to cause this
> > problem.
> > I'm running Snort 1.8.7 on RHL7.3, latest version
> of ACID, mysql, etc...
> > This is a HUGE problem for us, as we rely heavily
> on ACID's archiving
> > ability for maintenance. Any help would be
> > Mike
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
More information about the Snort-users