Re: please help - ACID: "Ignored XXX duplicate events" on archive

[Luca Tampieri <Luca.Tampieri () fi infn it>]

We had the same problem yesterday,
I have seen that our database-archive was full, or i think so (i don't know
mysql well),

mysql> show table status;

shows that 'Max_data_length' and 'Index_length' was about the same for table
'data'
so i have done a new archive, i have set it in acid_conf ($archive_dbname) and
now i trying to move alerts in this db.

I will have the results of this test only later because my ACID is very slow,
but until now is all right.

Note:we use snort1.8.6 and FreeBSD4.6.

Hope help.
Luca


"Cloppert, Michael" wrote:

> I'm having a problem with ACID's "Archive Alerts (move)" and "Archive Alerts
> (copy)".  All events I try to archive give the error "Ignored XXX duplicate
> events".  These are not duplicate events - I even verify this by running my
> version of ACID that queries the snort-archive database and I can't find the
> alerts.  As a matter of fact, this action hasn't been successful for more
> than 2 weeks now.  I have no idea what I may have changed to cause this
> problem.
>
> I'm running Snort 1.8.7 on RHL7.3, latest version of ACID, mysql, etc...
>
> This is a HUGE problem for us, as we rely heavily on ACID's archiving
> ability for maintenance.  Any help would be appreciated.
>
> Mike
>
> -------------------------------------------------------
> This sf.net email is sponsored by: OSDN - Tired of that same old
> cell phone?  Get a new here for FREE!
> https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users