[Snort-users] Snort sensor table in ACID

wfenwick at ...4447... wfenwick at ...4447...
Wed Jan 2 13:15:15 EST 2002


Hiya,

ACID b19, snort 1.8.3, using PGSQL as the backend database.

Is there any way to make ACID report the correct number of sensors
by deleting the unwanted sensor record from table "sensor" and decrementing the count in sensor_sid_seq?

Right now I have two sensors in there when only one should be. I
messed up a config parameter and am now correcting it.

pgsql=# select * from sensor;
 sid | hostname | interface | filter | detail | encoding 
-----+----------+-----------+--------+--------+----------
   2 | sensor1  | fxp1      |        |      1 |        0
   1 | sensor1  | fxp1      |        |      1 |        0

The current sequence is at 2 as well.

pqsql=# select * from sensor_sid_seq;
 sequence_name  | last_value | increment_by | max_value  | min_value | cache_value | log_cnt | is_cycled | is_called 
----------------+------------+--------------+------------+-----------+-------------+---------+-----------+-----------
 sensor_sid_seq |          2 |            1 | 2147483647 |         1 |           1 |      32 | f         | t
(1 row)
 

My attempt to fix it failed: 
 
pgsql=# update sensor_sid_seq set last_value=1 where last_value=2;
ERROR:  You can't change sequence relation sensor_sid_seq

Does ACID look at "sensor_sid_seq" to find out how many
sensors are active, or at home many show up in "sensor"?

Is there a way to *safely* decrement sensor_sid_seq to be at 1?

W




More information about the Snort-users mailing list