Re: Error in Postgres dbase

[Kevin Johnson <kjohnson () secureideas net>]

On Tue, 2005-01-18 at 06:08, reynald wrote:
> Hello,
>  
> Can somebody help me resolve this error;
>  
> ERROR:  Cannot insert a duplicate key into unique index event_pkey
>  
> The error occured when i tried to use this command to log alerts on my
> ACID using Postgres.
> (snort -c /etc/snort/snort.conf -i eth1 -D). It logs the alert but
> some rules wont take effect (like blocking of web sites)
>  
> However, all of my rules works perfectly fine when i used this command
> "snort -c /etc/snort/snort.conf -i eth2 -A fast -D". 
> The only problem is it wont log to ACID, the logs goes to my
> /var/log/snort folder instead.
>  
> Any help will be highly appreciated..thanks
>  
> -reynald

Hi-

This problem has been around for a while.  BASE, which is a fork of ACID
has a patch in the latest version that fixes it.  If you would like,
upgrading from ACID to BASE is a very simple procedure.  Or if you would
like, I will dig through my email and send you the patch.  You would
need to modify it some before applying it, as BASE has changed the code.

Thanks
Kevin Johnson
-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users