acid-general Mailing List for Acid
Status: Pre-Alpha
Brought to you by:
ebf
From: Derick J. <de...@in...> - 2002-08-21 14:53:45

Hi all,

I am new to SNORT/ACID/SQL so please be patient with me :-)

Here is my progress and also my problems.

Snort - working 100% (As far as I can tell)
Acid and PostgreSQL installed and working (sort of)

Here is my problem. I am running one sensor logging to a separate PostgreSQL server. For some reason the database always shows 2 sensors (one with the correct hostname and one unknown:eth1 :eth1) and then I get the following error when using ACID :-

    Database ERROR:Database ERROR:ERROR: Cannot insert a duplicate key into unique index acid_event_pkey

It is also VERY slow. I know that I am supposed to create extra indexes but I have zero SQL experience, so I am at your mercy :-)

I also get this message from time to time even though the database is running.

    The underlying database snort@localhost appears to be incomplete/invalid
    Database ERROR:no connection to the server
    It might be an older version. Only alert databases created by Snort 1.7-beta0 or later are supported

I also noticed that I get more and more postgres processes running as time goes by. (postgres: postgres snort 127.0.0.1 idle)

Perhaps this is relevant, if I keep the same browser window open the response gets better over time.

I tried with MySQL at first. I did not get the above error message then but it was even slower and would usually time-out.

Thanks in advance for any suggestions you may have.

Regards
Derick Jansen

From: Ryan H. <rh...@xy...> - 2001-10-22 23:25:21

hello all,

not sure if this is the right place to post the question, but since modifying my snort db's to schema v 104, I'm getting the following error when I attempt to move alerts from the alert to the archive db:

    Ignored 3 duplicate alert(s)
    No alerts were selected or the ARCHIVE-move was not successful

Help? This was working fine before performing the 104 upgrade steps previously posted on the snort discussion list...

Thanks,

Ryan Hill, MCSE
IT Ninja
Corporate Information Systems
Telecommunication Systems, Inc. (TCS) - http://www.telecomsys.com
v: 206.792.2276 - f: 206.792.2001
pgp: 0x17CE70AB