Re: Re: i think so i have found a bug in ACID (Database ERROR:Database ERROR:ERROR: Cannot insert a duplicate key into unique index acid_event_pkey)

[<Brian.Kiefel () base be>]

I have had the same problem with only one instance of snort per sensor, but
with multiple sensors logging to a postgres database. I found that changing
database to mysql completely removed this problem - no idea what was
causing it though - seemed to be related to load or rate of alerts being
added to database.


B.




"Roman Danyliw" <roman () danyliw com>@lists.sourceforge.net> on 05/09/2002
15:18:55

Sent by:  <snort-users-admin () lists sourceforge net>


To:   "Marcin Miedziejko" <szuwar () polbox com>
cc:   <snort-users () lists sourceforge net>

Subject:  [Snort-users] Re: i think so i have found a bug in ACID (Database
      ERROR:Database ERROR:ERROR: Cannot insert a duplicate key into unique
      index acid_event_pkey)


It sounds like your snort database plugin configuration might be the
problem.
Multiple instances of snort deployed on the same machine must  use the
"sensor_name" parameter in the database plugin configuration.  Explicitly
naming
(with a unique value) each instance of snort to the database, overrides the
default naming algorithm which would otherwise give the multiple instances
of
snort the same name.  It would seem that the multiple instances of snort
sharing
the same sensor id (sensor name) is causing the duplicate key issue.  See
the
"Deployment" section of the database plugin documentation:

http://www.andrew.cmu.edu/~rdanyliw/snort/snortdb/snortdb_deploy.html

Roman

On Tue, 3 Sep 2002 16:11:34 +0200, "Marcin Miedziejko" <szuwar () polbox com>
wrote :

> Dear Sir
>
> I have instaled few times acid with postgres on my machine. Today a have
big
trouble because my acid console only responded with message:
> Database ERROR:Database ERROR:ERROR: Cannot insert a duplicate key into
unique
index acid_event_pkey
> Before this event i have tried reload (in my browser)and all was ok.
Today I
have reinstalled all acid and this problem return.
> In my advise i think the problem is with many sensors located in the same
machine. I have with three sensors on one host which sends alerts to
another
machine ( acid.console). When i didn't, start snorts (after reinstalation)
all
was ok. But when i have started sensing, messages returns...
> The problem is not critical ! but multiple reloading the browser is
really
irritating.
> some usefull informations:
>
> ACID 0.9.6b21
>
> Mozilla 1.1b (for Windows)
>
> Apache-ssl 1.3.26 Ben-SSL/1.48 Debian
>
> PHP 4.2.2 with postgresql as apache module (apxs)
>
> Postgresql 7.2
>
> schema version 105
>
> My comments are included in file acid.log with precedent # like "same"
that
mean same response
> Marcin Miedziejko
>
> ps. please apologize my english...


-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users