database output for multiple snort sensors?

[Vincent Chen <vcba79 () ms1 hinet net>]

Hi, all

I have a gateway which run 3 snort instances for different subnet.
Recently, I got more and more messages like this:

* database: postgresql_error: ERROR: Cannot insert a duplicate key into
unique index sig_reference_pkey
* database: warning (SELECT sig_id FROM signature WHERE sig_name =
'WEB-IIS CodeRed v2 root.exe access' AND sig_rev = 7 AND sig_sid = 1256
) returned more than one result

Every sensor log output to the same database 'ids' but has different
sensor name configured.
Is it ok to let multiple sensors share the same database? Should I
create 3 database for
each sensors?


Thanks,





-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users