Snort mailing list archives

RE: Help trubleshoot a sensor problem

From: Juan Fernandez <Juan.Fernandez () deltathree com>
Date: Thu, 9 Dec 2004 14:03:23 +0200

The problem started after I commend out somw Icmp rules from snort.conf and
also enable oinkmaster to download rules from snort site.

I see in /var/log/messeges the following:

Dec  7 20:00:23 sensjrdmz snort: database: mysql_error: Duplicate entry
'4-113728' for key 1 SQL=INSERT INTO event (sid,cid,signatur
e,timestamp) VALUES ('4', '113728', '27', '2004-12-07 20:00:23.854+002') 
Dec  7 20:00:28 sensjrdmz snort: database: mysql_error: Duplicate entry
'4-113729' for key 1 SQL=INSERT INTO event (sid,cid,signatur
e,timestamp) VALUES ('4', '113729', '27', '2004-12-07 20:00:28.270+002') 
Dec  7 20:01:26 sensjrdmz snort: database: mysql_error: Duplicate entry
'4-113730' for key 1 SQL=INSERT INTO event (sid,cid,signatur

Output omitted.

Maybe this is the reason I cant see this sensor on the ACIS server ?

Thanks.


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] 
Sent: Wednesday, December 08, 2004 6:44 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Help trubleshoot a sensor problem

Did you delete all the alerts related to that sensor? If so that would
explain why you only see the one sensor. Is snort still running on that
sensor ps -ef|grep snort


Hi,

when I open Acid on the acid server I see just one sensor.

two days ago I saw both sensors...

from the sensor I can ping the acid server....so it is not a conctivity
problem...

any ideas?


thanks !!!

juan.




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Help trubleshoot a sensor problem Juan Fernandez (Dec 08)
- <Possible follow-ups>
- RE: Help trubleshoot a sensor problem Lance Boon (Dec 08)
- RE: Help trubleshoot a sensor problem Juan Fernandez (Dec 09)
- RE: Help trubleshoot a sensor problem Juan Fernandez (Dec 09)