[Snort-users] duplicate entry in DB (not the ACID problem)

Hin hchlai at ...2792...
Tue Mar 29 10:17:32 EST 2005


This is really devastating. I have received multiple identicle entries of the same event in the DB. These identicle entries has the same pay load, same src/dest ip, exact same time etc. The only difference is the event ID. This is not the duplicate key entry error in ACID. I have about 90% of my alerts receiving multiple entries, and I can't find any common grounds among alerts receiving multiple entries vs unique entry. I have also make sure only 1 instance of Snort is running on my sensor. Any suggestion would be appreciated.

Hin

__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register

Netscape. Just the Net You Need.

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp




More information about the Snort-users mailing list