[Snort-users] please help - ACID: "Ignored XXX duplicate even ts" on archive
Michael.Cloppert at ...5884...
Tue Aug 27 07:53:05 EDT 2002
Has anyone come up with any sort of a way to resolve this issue? Our
acid-archive database is still completely useless, and I really need a way
to fix this. ANY help would be appreciated. And to address a previous
question, yes, my acid_conf.php is configured correctly:
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "xxxx";
/* Archive DB connection parameters */
$archive_dbname = "snort_archive";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "snort";
$archive_password = "xxxx";
Thanks in advance,
From: Luca Tampieri [mailto:Luca.Tampieri at ...5851...]
Sent: Tuesday, August 20, 2002 12:48 PM
To: Cloppert, Michael; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] please help - ACID: "Ignored XXX duplicate
events" on archive
We had the same problem yesterday,
I have seen that our database-archive was full, or i think so (i don't know
mysql> show table status;
shows that 'Max_data_length' and 'Index_length' was about the same for table
so i have done a new archive, i have set it in acid_conf ($archive_dbname)
and now i trying to move alerts in this db.
I will have the results of this test only later because my ACID is very
slow, but until now is all right.
Note:we use snort1.8.6 and FreeBSD4.6.
"Cloppert, Michael" wrote:
I'm having a problem with ACID's "Archive Alerts (move)" and "Archive Alerts
(copy)". All events I try to archive give the error "Ignored XXX duplicate
events". These are not duplicate events - I even verify this by running my
version of ACID that queries the snort-archive database and I can't find the
alerts. As a matter of fact, this action hasn't been successful for more
than 2 weeks now. I have no idea what I may have changed to cause this
I'm running Snort 1.8.7 on RHL7.3, latest version of ACID, mysql, etc...
This is a HUGE problem for us, as we rely heavily on ACID's archiving
ability for maintenance. Any help would be appreciated.
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone? Get a new here for FREE!
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users