Snort mailing list archives
RE: Oracle Database Table Explanation
From: "Ray Seals" <rseals () vdsi net>
Date: Tue, 29 May 2001 16:24:10 -0500
Snort v 1.7

Snort is logging to the database but it's not putting anything in the event table. Snort is adding stuff to the IPHDR, ICMPHDR, IPHDR, TCPHDR and UDPHDR files respectively. Snort is also adding rows to the DATA table.

Yes, I have one entry in the sensor table which correctly states the hostname, interface and the detail and encoding I specified in the snort.conf file.

Ray

-----Original Message-----
From: roman () danyliw com [mailto:roman () danyliw com]
Sent: Tuesday, May 29, 2001 12:11 PM
To: rseals () vdsi net
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Oracle Database Table Explanation

Ray,
When snort generates a detect it puts the header files into the appropriate tables but I never get the snort_events table updated.
What version of Snort? I'm not sure what you mean by this statement. "Header files"? So is snort logging to the database or not? A row should be added to the "event" table for every triggered alert.
This table references a signatures table but that table is empty also.
If both the signature and event table are empty then Snort is definitely not logging to the database? Any entries in the "sensor" table?

Roman