[Snort-devel] Portscan preprocessor output not showing up in acid with a Postgresql

roman at ...49... roman at ...49...
Fri Apr 27 11:15:33 EDT 2001


Noted.  

It would appear to be an related to the fact that
PostgreSQL does not support OUTER (in this case LEFT) joins.
I will investigate the required SQL tweaking.

Roman

> Good evening,
> 
> As per a request, I have been testing snort logging to a postgresql db
> over here for several days.  I am seeing something that may be a
> problem with either snort, or acid, not sure which.  I am using the
> cvs version of snort, current as of last evning, April 20, the current
> cvs version of acid, and postgresql-7.0.3 under NetBSD-1.5 i386.  UThe
> dbs for mysql and postgresql were created from the current create
> scripts in contrib.  
> 
> Now the problem: keeping all else constant, portscan data is showing
> up in acid when clicking on the unique alerts link under mysql, but
> not under postgresql.  It appears the data is being logged under
> postgresql, because it does show up under the trafic by profiles, but
> under unique alerts it does not show.  It seems about the only way in
> acid to clear the portscans out is to click on the sensor from which
> it came and delete all.  The portscans also are counted in the number
> of unique alerts, just not displayed.
> 
> I hope I have not left anything important out of this, but if so, feel
> free to holer at me.  :-)
> 
> -Len
> 
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-devel mailing list