[Snort-users] please help - ACID: "Ignored XXX duplicate events" on archive

Enrique Menasse menassee at ...131...
Wed Aug 21 13:30:02 EDT 2002


Maybe a trivial suggestion, but did you verify that in
your acid_conf file you have $archive_dbname pointing
to a different database?  I inadvertantly had it
pointing to the same db and was getting the same
messages you are.
 
$alert_dbname   = "snort";
$archive_dbname   = "archive";

- E -


> "Cloppert, Michael" wrote:
> 
> > I'm having a problem with ACID's "Archive Alerts
> (move)" and "Archive Alerts
> > (copy)".  All events I try to archive give the
> error "Ignored XXX duplicate
> > events".  These are not duplicate events - I even
> verify this by running my
> > version of ACID that queries the snort-archive
> database and I can't find the
> > alerts.  As a matter of fact, this action hasn't
> been successful for more
> > than 2 weeks now.  I have no idea what I may have
> changed to cause this
> > problem.
> >
> > I'm running Snort 1.8.7 on RHL7.3, latest version
> of ACID, mysql, etc...
> >
> > This is a HUGE problem for us, as we rely heavily
> on ACID's archiving
> > ability for maintenance.  Any help would be
> appreciated.
> >
> > Mike
> >


__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com




More information about the Snort-users mailing list