Re: Cannot archive alerts (ACID)

["AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>]

--On 14 March 2004 15:36 -0500 Jeff Workman <jworkman () pimpworks org> wrote:

> ACID Version: 0.9.6b23
> Schema version: 106
> PostgreSQL version: 7.4
>
> I cannot get ACID to archive my alerts.  I created both the snort and the
> archive database at the same time, with the same permissions for the
> snort user, but I get the following SQL error when I try to archive:
>
> Archive error:Database ERROR:ERROR: insert or update on table "iphdr"
> violates foreign key constraint "iphdr_fkey_sid_cid" DETAIL: Key
> (sid,cid)=(2,276) is not present in table "event".

Have you created /all/ the columns and tables in BOTH databases?

cat /path/to/snort/contrib/create_mysql | mysql -p snort_log
zcat /path/to/snort/contrib/snortdb-extra.gz | mysql -p snort_log
cat /path/to/acid/create_acid_tbls_mysql.sql | mysql -p snort_log

cat /path/to/snort/contrib/create_mysql | mysql -p snort_archive
zcat /path/to/snort/contrib/snortdb-extra.gz | mysql -p snort_archive
cat /path/to/acid/create_acid_tbls_mysql.sql | mysql -p snort_archive

> -Jeff

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users