Snort mailing list archives
Synchronizing archive and live DBs
From: "John Creegan" <jcreegan () questarweb com>
Date: Mon, 06 Oct 2003 10:57:52 -0500
I've hit a problem with not being able to archive new alerts to the archive DB using ACID. I'm being told the alerts are duplicate and I can't see why (yet) because it appears the SID and CID combination is unique, ending at 15,908 in the archive events table and restarting at around 26,000 in the live events table (I've deleted a couple of days of alerts in the live DB).

I don't have this system on a UPS yet and our power went out so nothing shut down gracefully. I'm thinking the startup order is: mysql, apache, then snort and the shutdown order should be the reverse.

Anyone have an idea on how to:

1. Determine why the live alerts are considered duplicate of the archive alerts?
2. Start snort using any CID I might wish to assign?

I'm thinking that I'll have to shut down snort, bump the CID number in appropriate tables, then restart snort with the next CID.
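One way to approach question 1, as an added example that is not part of the original post and not ACID's or Snort's own code: compare the (sid, cid) keys of the live and archive databases table by table, so that a collision outside the events table also shows up. The table names other than the events table, the SQLite in-memory stand-in for MySQL, and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Tables keyed by (sid, cid). Names are assumptions modelled on a typical
# Snort/ACID layout; edit the tuple to match the schema actually deployed.
KEYED_TABLES = ("event", "iphdr", "tcphdr", "data", "acid_event")

def make_db(rows_by_table):
    """Constructed in-memory stand-in for one of the MySQL databases."""
    db = sqlite3.connect(":memory:")
    for table in KEYED_TABLES:
        db.execute(f"CREATE TABLE {table} (sid INT, cid INT, PRIMARY KEY (sid, cid))")
        db.executemany(f"INSERT INTO {table} VALUES (?, ?)", rows_by_table.get(table, []))
    return db

def key_set(db, table):
    return set(db.execute(f"SELECT sid, cid FROM {table}"))

def colliding_keys(live, archive):
    """Per table, the (sid, cid) pairs present in both databases."""
    report = {}
    for table in KEYED_TABLES:
        shared = key_set(live, table) & key_set(archive, table)
        if shared:
            report[table] = sorted(shared)
    return report

def orphan_keys(db):
    """Per table, (sid, cid) pairs that have no matching row in event."""
    events = key_set(db, "event")
    report = {}
    for table in KEYED_TABLES[1:]:
        orphans = key_set(db, table) - events
        if orphans:
            report[table] = sorted(orphans)
    return report

def sample_dbs():
    """Constructed data: archive events stop at cid 15908, yet a stray
    iphdr row carries a cid that the live database also uses."""
    archive = make_db({"event": [(1, 15907), (1, 15908)],
                       "iphdr": [(1, 15907), (1, 15908), (1, 26001)]})
    live = make_db({"event": [(1, 26000), (1, 26001)],
                    "iphdr": [(1, 26000), (1, 26001)]})
    return live, archive

if __name__ == "__main__":
    live, archive = sample_dbs()
    print("shared keys:", colliding_keys(live, archive))
    print("archive orphans:", orphan_keys(archive))
```

Against real databases the same two set operations can be run with one connection per database in place of `make_db`.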