Snort mailing list archives

Synchronizing archive and live DBs


From: "John Creegan" <jcreegan () questarweb com>
Date: Mon, 06 Oct 2003 10:57:52 -0500

I've hit a problem with not being able to archive new alerts to the
archive DB using ACID.  I'm being told the alerts are duplicate and I
can't see why (yet) because it appears the SID and CID combination is
unique, ending at 15,908 in the archive events table and restarting at
around 26,000 in the live events table (I've deleted a couple of days of
alerts in the live DB).

I don't have this system on a UPS yet and our power went out so nothing
shut down gracefully.  I'm thinking the startup order is: mysql, apache,
then snort and the shutdown order should be the reverse.

Anyone have an idea on how to:
     1. Determine why the live alerts are considered duplicate of the
archive alerts?
     2. Start snort using any CID I might wish to assign?

I'm thinking that I'll have to shut down snort, bump the CID number in
appropriate tables, then restart snort with the next CID.

