Snort mailing list archives
Snort with ACID
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Tue, 23 Jul 2002 11:53:36 -0600
Running into a strange issue with maintaining the ACID database with Snort 1.87 for Linux. Have successfully set up the database via MySQL, have run the create_mysql script, and then gave the appropriate users the necessary permissions (CREATE, INSERT, SELECT, DELETE, UPDATE) using grant to the archive database. I manually tested this out by creating an event ID and then manually deleting it, and this worked correctly, so permissions DO work and therefore this possibility can be ruled out.

However, when running the web front-end for ACID in the "ADMIN" mode, when I attempt to "move" events to the archive, it will move just "ONE" alert and then will no longer move any more events and will generate an error about "duplicate events ignored" and "0 events moved - archive_MOVE failed or was not successful".

As I mentioned above, after verifying that the correct user, password and database are specified in the acid_conf.php file in the ACID directory and manually testing out the DELETE, INSERT and UPDATE permissions for the specified USER on the specified DATABASE, I have determined that all of these DO function. Why does the move or copy archive bomb out when detecting duplicate events?