RE: Database ERROR:Database ERROR:Duplicate entry

["Miner, Jonathan W (CSC) (US SSA)" <jonathan.w.miner () baesystems com>]

Hi Hugo -

This, or something similar, has been discussed before.  I don't have the original author or date, but I modified my 
"acid_cache.inc" file. Hope this helps!

*** acid_cache.inc.orig
--- acid_cache.inc
***************
*** 228,233 ****
--- 228,238 ----
  
    $update_sql = array(4);
    
+    if ( $db->acidGetDBVersion() >= 100 )
+       $schema_specific[3] = " (sig_name LIKE 'spp_%') ";
+    else
+       $schema_specific[3] = " (signature LIKE 'spp_%') ";
+
    /* TCP events */
    $update_sql[0] =
      "INSERT INTO acid_event (sid,cid,signature,timestamp,
***************
*** 243,249 ****
      ".$schema_specific[2]."
      INNER JOIN iphdr ON (event.sid=iphdr.sid AND event.cid=iphdr.cid)
      LEFT JOIN tcphdr ON (event.sid=tcphdr.sid AND event.cid=tcphdr.cid)
!     WHERE (event.sid = $sid AND event.cid > $cid) AND ip_proto = 6";
    /* UDP events */
  
    $update_sql[1] =
--- 248,255 ----
      ".$schema_specific[2]."
      INNER JOIN iphdr ON (event.sid=iphdr.sid AND event.cid=iphdr.cid)
      LEFT JOIN tcphdr ON (event.sid=tcphdr.sid AND event.cid=tcphdr.cid)
!     WHERE (event.sid = $sid AND event.cid > $cid) AND ip_proto = 6
!     AND ( NOT ".$schema_specific[3].") ";
!
     /* UDP events */
  
    $update_sql[1] =
***************
*** 278,287 ****
        WHERE (event.sid = $sid AND event.cid > $cid) and ip_proto = 1";
  
     /* IP events only */
-    if ( $db->acidGetDBVersion() >= 100 )
-       $schema_specific[3] = " (sig_name LIKE 'spp_%') ";
-    else
-       $schema_specific[3] = " (signature LIKE 'spp_%') ";
  
     $update_sql[3] =
       "INSERT INTO acid_event (sid,cid,signature,timestamp,
--- 285,290 ----




-----Original Message-----
From:   snort-users-admin () lists sourceforge net on behalf of Hugo Chun Hin Lai
Sent:   Tue 01/11/2005 11:17 AM
To:     snort-users () lists sourceforge net
Cc:     
Subject:        [Snort-users] Database ERROR:Database ERROR:Duplicate entry
I am running Snort with output mode "log_unified" and Barnyard with output mode "log_dump". I run into problem where 
ACID would give me a Database ERROR:

Database ERROR:Database ERROR:Duplicate entry '3-14750' for key 1
Database ERROR:Database ERROR:Duplicate entry '3-14860' for key 1
Database ERROR:Database ERROR:Duplicate entry '5-32213' for key 1

It is interesting that when I hit the reload button a couple of times, ACID will no longer give me the error message. 
However, when I come in the next morning, I would see the same error message but may be with a different "Duplicate 
entry" number. I have seen numerous posts claiming it's a problem with Barnyard where it doesn't update the gen-id 
properly. Does anybody has a solution for this? Many thanks!

Hugo



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users