[Snort-users] Archive Database in ACID

Lawrence Reed Lawrence.Reed at ...1444...
Thu Jan 23 07:22:02 EST 2003


I saw this problem also. Go to "application cache and status" from the 
main page, then click "rebuild alert cache".  This worked for me.


Counselman, Chris Contractor/Sverdrup wrote:

> I am running RedHat 8.0, snort 1.9.0, and ACID .9.6b22 logging to a 
> mysql database.
> I have two acid directories, one to connect to the alert database and 
> one to connect to the archive database.
>  
> I am trying to move current alerts to the archive database. I set up 
> everything and can move or copy alerts to the archive database once 
> and then view those alerts. When I try to move or copy alerts again, it 
> says successful move to the archive, but when I go to the archive 
> instance of ACID, the main screen actually updates the TCP/ICMP/UDP 
> graphs to reflect the extra data but I cannot see the data anywhere 
> else. It does not say new alerts added, and the new alerts do not 
> show up anywhere but the graph.
>  
>  
> Thanks,
>  
> Chris


-- 
Larry Reed  Lawrence.Reed at ...1444...
NOAA IT Security Office
PGP Public Key:  http://search.keyserver.net:11371/pks/lookup?op=get&search=0x7A998772






