I am running postresql and snort which is logging to the db. The db is
running just fine, except I am having some issues that occurred while I
was playing with some snort rules one day. Snort will automatically add
the new filters to a table called "sensors". I was playing with these
sensors to do some experimenting, and after I was done I removed those
new sensors. The problem is that one of the records automatically
counts up everytime something is added like this
snort=# select * from sensor
snort-# ;
sid | hostname | interface | filter | detail |
encoding | last_cid
-----+-----------------+-----------+---------------------+--------+----------+----------
4 | ip.add.res.ss | xl0 | | 1
| 0 | 12318
3 | ip.add.res.ss | xl3 | | 1
| 0 | 3072
2 | 10.0.0.1 | xl2 | not host (10.0.0.2) | 1
| 0 | 3417
1 | 192.233.103.186 | xl1 | not host (10.0.0.2) | 1
| 0 | 8594
If I was to use snort to create another rule, a sensor would be created
with the first field (sid) equal to 12. This would be fine except that
ACID only looks at the sids until there isn't anymore, so the new rules
don't show up in ACID. Is there a way to reset this field so postgres
doesn't think that anything over 4 was ever created?
--Bryan