I'm having a problem archiving alerts from the new spyware-put rules.  This is really bizarre.  I can archive thousands of other alerts without any problems.  But when I try to archive alerts from these new rules I get the following error.

Ignored 1 duplicate alert(s)
No alerts were selected or the Archive alert(s) (move) was not successful

Archive copies do the same thing.

Ignored 1 duplicate alert(s)
No alerts were selected or the Archive alert(s) (copy) was not successful

This occurs even if the archive database is empty.  I even tried dropping and rebuilding the entire archive database, but the same thing happens.  I'm running BASE 1.2.4 (melissa), but reverted back to 1.2.3 (cindy) and it did the same thing.  The adodb version is 462.

Any and all assistance will be appreciated.

A full debug follows.

         PARAMETERS: '
         CLIENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
         SERVER: Apache/2.0.52 (Red Hat)
         SERVER HW: Linux amarillo.jhuapl.edu 2.6.9-22.0.1.ELsmp #1 SMP Tue Oct 18 18:39:27 EDT 2005 i686
         DATABASE TYPE: mysql  DB ABSTRACTION VERSION: V4.62 2 Apr 2005  (c) 2000-2005 John Lim (jlim#natsoft.com.my). All rights reserved. Released BSD & LGPL.
         PHP VERSION: 4.3.9  PHP API: apache2handler
         BASE VERSION: 1.2.4 (melissa)
         SESSION ID: dcafad6ae49f0b99f2c3d2b3ff05ed96( 2960 bytes )
        

Original path = '/var/www/html/adodb'
Attempting to load: '/var/www/html/adodb/adodb.inc.php'
Checking for DB abstraction lib in '/var/www/html/adodb/adodb.inc.php'
sensor #1: event.cid = 2569691, acid_event.cid = 2569677
Added 14 alert(s) to the Alert cache

Sensor:

AG:

signature
Array
(
    [0] => =
    [1] => 552
    [2] =>
)

_TIME (0):

IP addresses (0):

IP fields (0):

TCP ports ():

TCP flags

TCP fields ():

UDP ports ():

UDP fields ():

ICMP fields ():

RawIP field ():

Data (0):
            new: ''  
           
submit: 'Selected'
           
sort_order: 'none'
           
num_result_rows: ''  current_view: ''
           
layer4: ''  caller: ''
           
action: ''  action_arg: ''
           

==== ACTION ======
context = 1


==== Archive alert(s) (move) Alerts ========
num_alert = 5859
action_sql = SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE 1 = 1 AND (signature='552')
action_op = Selected
action_arg =
action_param =
context = 1
limit_start = -1
limit_offset = -1
using_blobs =
Original path = '/var/www/html/adodb'
Attempting to load: '/var/www/html/adodb/adodb.inc.php'
Checking for DB abstraction lib in '/var/www/html/adodb/adodb.inc.php'

Gathering elements from 1 alert blobs
1 - 2566770

Array
(
    [0] => Array
        (
            [0] => 2
            [1] => www3.ca.com/securityadvisor/pest/pest.aspx?id=453082755
            [2] => url
        )

)

Array
(
    [0] => INSERT INTO sig_reference (sig_id, ref_seq, ref_id) VALUES (1,1,17262)
    [1] => INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 2566770, '1', '2006-05-16 13:09:49')
)

Archive error:Database ERROR:Duplicate entry '1-1' for key 1

INSERT INTO sig_reference (sig_id, ref_seq, ref_id) VALUES (1,1,17262)


INSERT INTO sig_reference (sig_id, ref_seq, ref_id) VALUES (1,1,17262)
Ignored 1 duplicate alert(s)
No alerts were selected or the Archive alert(s) (move) was not successful
-------------------------------------
action_cnt = 0
dup_cnt = 1
num_alert = 5859
==== Archive alert(s) (move) Alerts END ========
Initial/Canned Query or Sort Clicked
 

SUBMIT: Selected

sort_order: none

SQL (save_sql): SELECT acid_event.sid, acid_event.cid, signature, timestamp, acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto FROM acid_event WHERE 1 = 1 AND (signature='552')

SQL (sort_sql):
Valid Canned Query List

Array
(
    [last_tcp] => Array
        (
            [0] => 15
            [1] => Last TCP Alerts
            [2] => time_d
        )

    [last_udp] => Array
        (
            [0] => 15
            [1] => Last UDP Alerts
            [2] => time_d
        )

    [last_icmp] => Array
        (
            [0] => 15
            [1] => Last ICMP Alerts
            [2] => time_d
        )

    [last_any] => Array
        (
            [0] => 15
            [1] => Last Alerts
            [2] => time_d
        )

)

Query State
caller = ''
num_result_rows = '5859'
sort_order = ''
current_view = '0'
action_arg = ''
action = 'archive_alert2'
SELECT acid_event.sid, acid_event.cid, signature, timestamp, acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto FROM acid_event WHERE 1 = 1 AND (signature='552')

 Queried on : Tue May 16, 2006 14:22:39