Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Barnyard not inserting on ACID tables in MySQL, just regular snort ones

From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Thu, 02 Sep 2004 09:24:31 +0100
--On 01 September 2004 19:06 +0100 Pedro Fortuna <pedro.fortuna () gmail com> wrote: 


Anyway, now its working with the old DB, but two things are bodering me:
- ACID isn't showing my custom rule's description, it just shows
something like this in the alert "Snort Alert [1:1000002:0]" (1000002
is the rule ID)
I had this problem when I was using mudpit, and mudpit couldn't find sid-msg.map and gen-msg.map. I haven't used barnyard, and I'm using FLoP now, but maybe your problem has the same root. 


- The events time are one our late! An event at 3am shows 2am.
Probably a timezone or daylight savings time thing; I think all events are logged as UTC (i.e. GMT+0). Are you in western Europe, by chance? 


If someone has a clue why Acid failed to insert the events in its tables
(_using_ the blank DB) please say something, so that I can test it.


Did you run create_acid_tbls_mysql.sql from the ACID distribution?


Thanks,
Pedro Fortuna


HTH,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: