Re: please help - ACID: "Ignored XXX duplicate events" on archive

[Enrique Menasse <menassee () yahoo com>]

Maybe a trivial suggestion, but did you verify that in
your acid_conf file you have $archive_dbname pointing
to a different database?  I inadvertantly had it
pointing to the same db and was getting the same
messages you are.
 
$alert_dbname   = "snort";
$archive_dbname   = "archive";

- E -


> "Cloppert, Michael" wrote:
>
> > I'm having a problem with ACID's "Archive Alerts
> (move)" and "Archive Alerts
> > (copy)".  All events I try to archive give the
> error "Ignored XXX duplicate
> > events".  These are not duplicate events - I even
> verify this by running my
> > version of ACID that queries the snort-archive
> database and I can't find the
> > alerts.  As a matter of fact, this action hasn't
> been successful for more
> > than 2 weeks now.  I have no idea what I may have
> changed to cause this
> > problem.
> >
> > I'm running Snort 1.8.7 on RHL7.3, latest version
> of ACID, mysql, etc...
> > This is a HUGE problem for us, as we rely heavily
> on ACID's archiving
> > ability for maintenance.  Any help would be
> appreciated.
> > Mike


__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com


-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users