[Snort-users] ACID Alert Cache Empty

Kevin Brown Kevin.M.Brown at ...1022...
Thu Jul 18 09:58:09 EDT 2002


An issue seems to have popped up this week with Snort (1.9-dev from CVS) and
ACID (0.9.6b22).

MySQL Server setup:
ACID 0.9.6b22
MySQL 3.23.51
Schema 105
ADODB 2.12

Last week worked fine.  Snort was logging to the MySQL server and ACID would
properly update the cache with the new events.  This week it is properly
logging to the db, but ACID won't update the cache of events.

What happens (and this has been working for almost a year) is that on Sunday
night the old database is moved to a new folder and a new snort database
(completely empty) is put into place by rerunning the db schema creation
script (create_mysql).

I have tried deleting the ACID cache tables and rebuilding them, but it
still didn't update the cache with the now over 700,000 alerts.  I can go
to the "Cache and Status" page and see that the database has a large
number of alerts, but it shows 0 for the cached events.  Hit update alert
cache and it adds 0 alerts to the cache.  Repair tables doesn't seem to do
anything, nor does Rebuild Alert Cache from the same page.

No software has been changed while I was gone.

Any other suggestions?