Snort mailing list archives
Re: database output for multiple snort sensors?
From: "Ian Macdonald" <secsnort () dirk demon co uk>
Date: Fri, 16 Aug 2002 22:46:08 -0400
Did you give the sensors unique names? You will get that kind of error if you have multiple sensors logging as the same sensor ID. You can check the information printed by snort on startup to confirm this.

Ian

----- Original Message -----
From: "Vincent Chen" <vcba79 () ms1 hinet net>
To: <snort-users () lists sourceforge net>
Sent: Thursday, August 15, 2002 12:04 AM
Subject: [Snort-users] database output for multiple snort sensors?

Hi, all

I have a gateway which runs 3 snort instances for different subnets. Recently, I got more and more messages like this:

* database: postgresql_error: ERROR: Cannot insert a duplicate key into unique index sig_reference_pkey
* database: warning (SELECT sig_id FROM signature WHERE sig_name = 'WEB-IIS CodeRed v2 root.exe access' AND sig_rev = 7 AND sig_sid = 1256 ) returned more than one result

Every sensor logs output to the same database 'ids' but has a different sensor name configured.

Is it ok to let multiple sensors share the same database? Should I create 3 databases for each sensor?

Thanks,

-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
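
A check one could run against the shared database when these warnings appear, as an added example that is not part of the original thread: it lists signature rows stored more than once (the condition the warning reports) and expected sensor names that never registered. The signature columns are taken from the query in the warning; the sensor table layout (sid, hostname, interface, with hostname holding the configured sensor name), the gw-net* names and all rows are assumptions constructed for illustration, using an in-memory SQLite database in place of PostgreSQL.

```python
import sqlite3

# Constructed schema and rows. signature columns come from the warning's query;
# the sensor table layout is an assumption about the logging schema.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT,
                        sig_rev INTEGER, sig_sid INTEGER);
CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT);
"""
SIGNATURES = [
    (1, "WEB-IIS CodeRed v2 root.exe access", 7, 1256),
    (2, "Constructed example signature", 1, 1000001),
    (3, "WEB-IIS CodeRed v2 root.exe access", 7, 1256),  # same key as sig_id 1
]
SENSORS = [(1, "gw-net1", "eth1"), (2, "gw-net2", "eth2")]  # gw-net3 absent


def build_db():
    """Create the in-memory stand-in for the shared 'ids' database."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature VALUES (?, ?, ?, ?)", SIGNATURES)
    db.executemany("INSERT INTO sensor VALUES (?, ?, ?)", SENSORS)
    return db


def duplicate_signatures(db):
    """Return (sig_name, sig_rev, sig_sid, [sig_id, ...]) for each signature
    key that has more than one row, i.e. where the lookup is ambiguous."""
    rows = db.execute(
        "SELECT sig_name, sig_rev, sig_sid, GROUP_CONCAT(sig_id) "
        "FROM signature GROUP BY sig_name, sig_rev, sig_sid "
        "HAVING COUNT(*) > 1 ORDER BY sig_sid")
    return [(name, rev, sid, sorted(int(i) for i in ids.split(",")))
            for name, rev, sid, ids in rows]


def unregistered_sensors(db, expected_names):
    """Return expected sensor names with no row in the sensor table; a missing
    name suggests that instance is logging under another sensor's identity."""
    seen = {host for (host,) in db.execute("SELECT DISTINCT hostname FROM sensor")}
    return sorted(set(expected_names) - seen)


if __name__ == "__main__":
    db = build_db()
    for name, rev, sid, ids in duplicate_signatures(db):
        print(f"duplicate: sid={sid} rev={rev} '{name}' sig_ids={ids}")
    print("not registered:", unregistered_sensors(db, ["gw-net1", "gw-net2", "gw-net3"]))
```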
Current thread:
- database output for multiple snort sensors? Vincent Chen (Aug 16)
- Re: database output for multiple snort sensors? Ian Macdonald (Aug 16)