Snort mailing list archives

snort 2.0.1 corrupting tables?


From: Bryan Irvine <bryan.irvine () kingcountyjournal com>
Date: 06 Aug 2003 08:51:37 -0700

I have a central database server (postgresql) and 2 snort detectors that
log to it from 2 networks.  They both are logging just fine except one of
them (the snort 2.0.1) returns tons and tons and tons of errors, and
usually repeats the same errors.  For example:

Aug  6 08:20:25 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-ATTACKS mail command attempt' AND 
sig_rev = 4 AND sig_sid = 1367 ) returned more than one result 
Aug  6 08:20:25 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-ATTACKS mail command attempt' AND 
sig_rev = 4 AND sig_sid = 1367 ) returned more than one result 


I get similar messages for T/TCP, young teen, and a couple of others.
Those alerts _never_ get inserted into the DB.  I initially thought it
was just too busy (it got 120,000 inserts overnight last night), but it
seems to insert other records just fine.  I'm wondering if the other
snort is doing something funky.  It also might be related that I have
the same startup script on both machines; the 2.0.0 box starts quietly
and I don't see any output when I run the script, the 2.0.1 box scrolls
the regular startup output when started.

This is driving me insane!! People are looking at pr0n and I can't catch
'em!

--Bryan
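
The warning quoted in the post means the lookup on (sig_name, sig_rev, sig_sid) matched more than one row in the signature table. The following is an added example, not part of the original post and not Snort's own code: it extracts the distinct lookups from such syslog lines and lists the sig_id rows each one matches. It assumes an in-memory SQLite table as a stand-in for the PostgreSQL signature table, holding only the columns named in the warning, with constructed rows.

```python
import re
import sqlite3

# Constructed sample: the wrapped syslog warnings in the form quoted in the post.
SAMPLE_LOG = """\
Aug  6 08:20:25 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-ATTACKS mail command attempt' AND
sig_rev = 4 AND sig_sid = 1367 ) returned more than one result
Aug  6 08:20:25 knox3 snort: database: warning (SELECT sig_id FROM
signature WHERE sig_name = 'WEB-ATTACKS mail command attempt' AND
sig_rev = 4 AND sig_sid = 1367 ) returned more than one result
"""

WARNING_RE = re.compile(
    r"sig_name = '(?P<name>[^']+)' AND sig_rev = (?P<rev>\d+) "
    r"AND sig_sid = (?P<sid>\d+) \) returned more than one result"
)

def affected_signatures(log_text):
    """Return the distinct (sig_name, sig_rev, sig_sid) lookups that warned."""
    flat = " ".join(log_text.split())  # undo syslog/mail line wrapping
    return sorted({(m["name"], int(m["rev"]), int(m["sid"]))
                   for m in WARNING_RE.finditer(flat)})

def matching_sig_ids(conn, signatures):
    """Map each lookup to the sig_id rows it matches; more than one
    entry reproduces the condition the warning reports."""
    query = ("SELECT sig_id FROM signature WHERE sig_name = ? "
             "AND sig_rev = ? AND sig_sid = ? ORDER BY sig_id")
    return {sig: [row[0] for row in conn.execute(query, sig)]
            for sig in signatures}

def demo_db():
    """Hypothetical stand-in table: only the columns visible in the warning."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, "
                 "sig_name TEXT, sig_rev INTEGER, sig_sid INTEGER)")
    conn.executemany("INSERT INTO signature VALUES (?, ?, ?, ?)", [
        (1, "WEB-ATTACKS mail command attempt", 4, 1367),  # constructed row
        (2, "Constructed unrelated signature", 1, 9000001),
        (3, "WEB-ATTACKS mail command attempt", 4, 1367),  # duplicate of row 1
    ])
    return conn

if __name__ == "__main__":
    hits = matching_sig_ids(demo_db(), affected_signatures(SAMPLE_LOG))
    for sig, ids in hits.items():
        print(sig, "->", ids, "DUPLICATE" if len(ids) > 1 else "ok")
```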


