Snort mailing list archives
Snort/Barnyard/MySQL/ACID - Duplicate entry
From: "Maetzky, Steffen (Extern)" <Steffen.Maetzky () gedas de>
Date: Thu, 25 Mar 2004 18:45:59 +0100
Hello, I'm using Snort with Barnyard, MySQL and ACID and get often the following message from ACID: duplicate entry xx for key 1 (seemed to be an mysql-message) I' ve rebuild my databases (snort and acidarchive) and deleted all alerts but without success. I'm using the following configs and would be happy to get help: snort.conf: ##change user config set_uid: snort ##network var HOME_NET ********** var DNS_SERVERS $HOME_NET var SMTP_SERVERS $HOME_NET var HTTP_SERVERS $HOME_NET var SQL_SERVERS $HOME_NET var TELNET_SERVERS $HOME_NET var SNMP_SERVERS $HOME_NET var HTTP_PORTS 8080 var SHELLCODE_PORTS !80 var ORACLE_PORTS 1521 ##rulepath var RULE_PATH /etc/snort/rules ##preprocessors preprocessor frag2: memcap 32000000 preprocessor stream4: detect_scans, memcap 32000000 preprocessor stream4_reassemble: ports default preprocessor rpc_decode: 111 32771 ##output-plugins output log_unified: filename unified.log ##configs include classification.config include reference.config ##rules include $RULE_PATH/local.rules etc... Barnyard.conf: # set the hostname (currently only used for the acid db output plugin) config hostname: localhost # set the interface name (currently only used for the acid db output plugin) config interface: eth1 # set the filter (currently only used for the acid db output plugin) config filter: not port 22 #processors processor dp_alert processor dp_log # acid_db #output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password ****** ,detail full output log_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password ****** ,detail full ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort/Barnyard/MySQL/ACID - Duplicate entry Maetzky, Steffen (Extern) (Mar 29)
- Re: Snort/Barnyard/MySQL/ACID - Duplicate entry Andrew R. Baker (Mar 29)