Snort mailing list archives

Re: i think so i have found a bug in ACID (Database ERROR:Database ERROR:ERROR: Cannot insert a duplicate key into unique index acid_event_pkey)


From: "Roman Danyliw" <roman () danyliw com>
Date: Thu, 5 Sep 2002 09:18:55 -0400 (EDT)

It sounds like your snort database plugin configuration might be the problem.
Multiple instances of snort deployed on the same machine must use the
"sensor_name" parameter in the database plugin configuration. Explicitly naming
(with a unique value) each instance of snort to the database overrides the
default naming algorithm, which would otherwise give the multiple instances of
snort the same name. It would seem that the multiple instances of snort sharing
the same sensor id (sensor name) are causing the duplicate key issue. See the
"Deployment" section of the database plugin documentation:

http://www.andrew.cmu.edu/~rdanyliw/snort/snortdb/snortdb_deploy.html

Roman

On Tue, 3 Sep 2002 16:11:34 +0200, "Marcin Miedziejko" <szuwar () polbox com> wrote :

Dear Sir

I have installed acid with postgres a few times on my machine. Today I have big
trouble because my acid console only responded with the message:

Database ERROR:Database ERROR:ERROR: Cannot insert a duplicate key into unique
index acid_event_pkey 

Before this event I tried reloading (in my browser) and all was ok. Today I
have reinstalled all of acid and this problem returned.

In my opinion, I think the problem is with many sensors located on the same
machine. I have three sensors on one host which send alerts to another
machine (acid.console). When I didn't start the snorts (after reinstallation) all
was ok. But when I started sensing, the messages returned...

The problem is not critical! But reloading the browser multiple times is really
irritating.

Some useful information:

ACID 0.9.6b21

Mozilla 1.1b (for Windows)

Apache-ssl 1.3.26 Ben-SSL/1.48 Debian

PHP 4.2.2 with postgresql as apache module (apxs)

Postgresql 7.2

schema version 105

My comments are included in the file acid.log, preceded by #, like "same", which
means same response

Marcin Miedziejko

P.S. Please excuse my English...
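
The following check is an added example, not part of either message and not code from the Snort or ACID projects. It scans several snort.conf files for "output database:" lines and reports instances that log to the same database without a unique "sensor_name", the condition the reply above identifies. The file names, user, dbname and sensor names in the sample are constructed; only the host name acid.console comes from the thread.

```python
import re
from collections import defaultdict

# "output database: <log|alert>, <dbtype>, <name=value name=value ...>"
DB_LINE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,\s*(.*)$")

def parse_db_outputs(conf_text):
    """Return one dict of plugin parameters per database output line."""
    outputs = []
    for line in conf_text.splitlines():
        m = DB_LINE.match(line.split("#", 1)[0])   # ignore trailing comments
        if m:
            params = dict(p.split("=", 1) for p in m.group(3).split() if "=" in p)
            params["_dbtype"] = m.group(2)
            outputs.append(params)
    return outputs

def find_sensor_name_problems(configs):
    """configs maps a label to snort.conf text; returns sorted problem strings."""
    by_db = defaultdict(list)   # (dbtype, host, dbname) -> [(label, sensor_name)]
    for label, text in configs.items():
        for p in parse_db_outputs(text):
            target = (p["_dbtype"], p.get("host"), p.get("dbname"))
            by_db[target].append((label, p.get("sensor_name")))
    problems = []
    for (_, host, dbname), users in by_db.items():
        if len(users) < 2:
            continue            # one instance per database cannot collide
        seen = defaultdict(list)
        for label, name in users:
            if name is None:
                problems.append(f"{label}: no sensor_name (shares {dbname}@{host})")
            else:
                seen[name].append(label)
        for name, labels in seen.items():
            if len(labels) > 1:
                problems.append(f"sensor_name={name} reused by {', '.join(sorted(labels))}")
    return sorted(problems)

# Constructed sample: three instances on one host, one PostgreSQL database.
_BASE = "output database: log, postgresql, user=snort dbname=snort host=acid.console"
SAMPLE = {
    "snort-eth0.conf": _BASE + " sensor_name=ids1-eth0\n",
    "snort-eth1.conf": _BASE + " sensor_name=ids1-eth0\n",   # copied name
    "snort-eth2.conf": _BASE + "  # sensor_name left out\n",
}

if __name__ == "__main__":
    print("\n".join(find_sensor_name_problems(SAMPLE)) or "no problems found")
```

An empty result means every instance writing to a shared database carries its own sensor_name.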



