Snort mailing list archives
Starting and Stopping Snort feeding Mysql
From: "James M. Driskell" <jdriskell () ups edu>
Date: Wed, 5 Feb 2003 17:08:17 -0800
Hello,
I'm running 2 snort sensors feeding a mysql database on another box. I
get the following errors periodically from either box:
Feb 5 14:31:40 snort1 snort: database: mysql_error: Duplicate entry
'3-4958' for key 1 SQL=INSERT INTO event (sid,cid,signature,timestamp)
VALUES ('3', '4958', '5', '2003-02-05 14:31:40-08')
Feb 5 14:31:50 snort1 snort: database: mysql_error: Duplicate entry
'3-4959' for key 1 SQL=INSERT INTO event (sid,cid,signature,timestamp)
VALUES ('3', '4959', '5', '2003-02-05 14:31:50-08')
I can clear the problem by stopping and restarting the offending snort
box, but I'd rather fix the problem. I also note that I get an unknown
sensor when I restart snort.
I've had to stop and start snort daily because the local alert and
scan.logs tend to run me out of disk space on the snort boxes. I guess
I need to invest in new hd's but until then, can anyone help me fix this
problem.
Thanks,
Jim Driskell
University of Puget Sound
Current thread:
- Starting and Stopping Snort feeding Mysql James M. Driskell (Feb 05)
- Re: Starting and Stopping Snort feeding Mysql Kenneth G. Arnold (Feb 06)
- RE: Starting and Stopping Snort feeding Mysql James M. Driskell (Feb 07)
- Re: Starting and Stopping Snort feeding Mysql Kenneth G. Arnold (Feb 06)