Snort mailing list archives
Re: please help - ACID: "Ignored XXX duplicate events" on archive
From: Luca Tampieri <Luca.Tampieri () fi infn it>
Date: Tue, 20 Aug 2002 18:48:21 +0200
We had the same problem yesterday, I have seen that our database-archive was full, or i think so (i don't know mysql well), mysql> show table status; shows that 'Max_data_length' and 'Index_length' was about the same for table 'data' so i have done a new archive, i have set it in acid_conf ($archive_dbname) and now i trying to move alerts in this db. I will have the results of this test only later because my ACID is very slow, but until now is all right. Note:we use snort1.8.6 and FreeBSD4.6. Hope help. Luca "Cloppert, Michael" wrote:
I'm having a problem with ACID's "Archive Alerts (move)" and "Archive Alerts (copy)". All events I try to archive give the error "Ignored XXX duplicate events". These are not duplicate events - I even verify this by running my version of ACID that queries the snort-archive database and I can't find the alerts. As a matter of fact, this action hasn't been successful for more than 2 weeks now. I have no idea what I may have changed to cause this problem. I'm running Snort 1.8.7 on RHL7.3, latest version of ACID, mysql, etc... This is a HUGE problem for us, as we rely heavily on ACID's archiving ability for maintenance. Any help would be appreciated. Mike ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- please help - ACID: "Ignored XXX duplicate events" on archive Cloppert, Michael (Aug 20)
- Re: please help - ACID: "Ignored XXX duplicate events" on archive Luca Tampieri (Aug 20)
- <Possible follow-ups>
- Re: please help - ACID: "Ignored XXX duplicate events" on archive Enrique Menasse (Aug 21)