[Snort-users] Re: i think so i have found a bug in ACID (Database ERROR:Database ERROR:ERROR: Cannot insert a duplicate key into unique index acid_event_pkey)

Roman Danyliw roman at ...438...
Thu Sep 5 06:20:03 EDT 2002


It sounds like your snort database plugin configuration might be the problem.
Multiple instances of snort deployed on the same machine must use the
"sensor_name" parameter in the database plugin configuration.  Explicitly naming
(with a unique value) each instance of snort to the database overrides the
default naming algorithm, which would otherwise give the multiple instances of
snort the same name.  It would seem that the multiple instances of snort sharing
the same sensor id (sensor name) are causing the duplicate key issue.  See the
"Deployment" section of the database plugin documentation:

http://www.andrew.cmu.edu/~rdanyliw/snort/snortdb/snortdb_deploy.html

Roman

On Tue, 3 Sep 2002 16:11:34 +0200, "Marcin Miedziejko" <szuwar at ...6794...> wrote :

> Dear Sir
> 
> I have installed acid with postgres on my machine a few times. Today I have big
> trouble because my acid console only responded with the message:
> 
> Database ERROR:Database ERROR:ERROR: Cannot insert a duplicate key into unique index acid_event_pkey
> 
> Before this event I tried reloading (in my browser) and all was ok. Today I
> have reinstalled all of acid and this problem returned.
> 
> In my opinion, I think the problem is with many sensors located on the same
> machine. I have three sensors on one host which send alerts to another
> machine (acid.console). When I didn't start the snorts (after reinstallation) all
> was ok. But when I started sensing, the messages returned...
> 
> The problem is not critical! But reloading the browser multiple times is really
> irritating.
> 
> Some useful information:
> 
> ACID 0.9.6b21
> 
> Mozilla 1.1b (for Windows)
> 
> Apache-ssl 1.3.26 Ben-SSL/1.48 Debian
> 
> PHP 4.2.2 with postgresql as apache module (apxs)
> 
> Postgresql 7.2
> 
> schema version 105
> 
> My comments are included in the file acid.log, preceded by #, like "same", which
> means same response
> 
> Marcin Miedziejko
> 
> PS. Please excuse my English...
> 
> 
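
Added example, not part of either message above and not code from the Snort or ACID projects: a small check that reads the "output database:" directive of each Snort instance's configuration on one machine and reports instances with no sensor_name, or with a sensor_name shared by another instance logging to the same database. The file names, user, dbname and sensor names are constructed; only the host name acid.console and the sensor_name parameter come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample: three Snort instances on one host logging to one database
# (file names, user, dbname and sensor names are made up for this example).
SAMPLE_CONFIGS = {
    "snort-eth0.conf": "output database: log, postgresql, user=snort dbname=snort host=acid.console\n",
    "snort-eth1.conf": "output database: log, postgresql, user=snort dbname=snort host=acid.console sensor_name=dmz\n",
    "snort-eth2.conf": "# third instance\noutput database: log, postgresql, user=snort dbname=snort host=acid.console sensor_name=dmz\n",
}

OUTPUT_DB = re.compile(r"^\s*output\s+database\s*:(.*)$", re.IGNORECASE)


def database_outputs(text):
    """Yield the key=value parameters of every active 'output database:' line."""
    for line in text.splitlines():
        match = OUTPUT_DB.match(line)  # commented-out lines start with '#' and do not match
        if not match:
            continue
        # Directive layout: <log|alert>, <database type>, <space-separated key=value list>
        fields = match.group(1).split(",", 2)
        params = fields[2].split() if len(fields) == 3 else []
        yield dict(p.split("=", 1) for p in params if "=" in p)


def audit(configs):
    """Return (configs lacking sensor_name, {(host, dbname, name): configs sharing it})."""
    unnamed, by_name = [], defaultdict(list)
    for path in sorted(configs):
        for params in database_outputs(configs[path]):
            name = params.get("sensor_name")
            if name is None:
                unnamed.append(path)  # falls back to the default naming algorithm
            else:
                by_name[(params.get("host"), params.get("dbname"), name)].append(path)
    shared = {key: paths for key, paths in by_name.items() if len(paths) > 1}
    return unnamed, shared


if __name__ == "__main__":
    unnamed, shared = audit(SAMPLE_CONFIGS)
    for path in unnamed:
        print(f"{path}: no sensor_name set")
    for (host, dbname, name), paths in shared.items():
        print(f"sensor_name={name} on {host}/{dbname} shared by {', '.join(paths)}")
```

When several instances run on one machine, every entry in either result is a finding: each instance needs its own explicit sensor_name.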



