[Snort-users] Snort with ACID
tslighter at ...5174...
Tue Jul 23 10:56:05 EDT 2002
Running into a strange issue with maintaining the ACID database with Snort
1.87 for Linux. Have successfully set up the database via MySQL and have run
the create_mysql script and then gave the appropriate users the necessary
permissions (CREATE, INSERT, SELECT, DELETE, UPDATE) using grant to the
archive database. I manually tested this out by creating an event ID and
then manually deleting it, and this worked correctly, so permissions DO work
and therefore this possibility can be ruled out. However, when running the
web front-end for ACID in the "ADMIN" mode, when I attempt to "move" events
to the archive, it will move just "ONE" alert and then will no longer move
any more events and will generate an error about "duplicate events ignored"
and "0 events moved - archive_MOVE failed or was not successful".

As I mentioned above, I have verified that the correct user, password and
database are specified in the acid_conf.php file in the ACID directory,
manually tested the DELETE, INSERT and UPDATE permissions for the
specified USER on the specified DATABASE, and determined that all of
these DO function.

Why does the move or copy archive bomb out when detecting duplicate events?