[Snort-devel] Portscan preprocessor output not showing up in acid with a Postgresql

roman at ...49... roman at ...49...
Mon Apr 30 13:54:44 EDT 2001


Joshua: Thanks for the pointer about the PostgreSQL 7.1 update!

Len: As Joshua noted, PostgreSQL now support outer joins.
I recommend you download PostgreSQL 7.1, upgrade your
DB, and check-out a new copy of ACID from CVS.

cheers,
Roman

> Noted.  
> 
> It would appear to be an related to the fact that
> PostgreSQL does not support OUTER (in this case LEFT) joins.
> I will investigate the required SQL tweaking.
> 
> Roman
> 
> > Good evening,
> > 
> > As per a request, I have been testing snort logging to a postgresql db
> > over here for several days.  I am seeing something that may be a
> > problem with either snort, or acid, not sure which.  I am using the
> > cvs version of snort, current as of last evning, April 20, the current
> > cvs version of acid, and postgresql-7.0.3 under NetBSD-1.5 i386.  UThe
> > dbs for mysql and postgresql were created from the current create
> > scripts in contrib.  
> > 
> > Now the problem: keeping all else constant, portscan data is showing
> > up in acid when clicking on the unique alerts link under mysql, but
> > not under postgresql.  It appears the data is being logged under
> > postgresql, because it does show up under the trafic by profiles, but
> > under unique alerts it does not show.  It seems about the only way in
> > acid to clear the portscans out is to click on the sensor from which
> > it came and delete all.  The portscans also are counted in the number
> > of unique alerts, just not displayed.
> > 
> > I hope I have not left anything important out of this, but if so, feel
> > free to holer at me.  :-)
> > 
> > -Len
> > 
> > 
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel at lists.sourceforge.net
> > http://lists.sourceforge.net/lists/listinfo/snort-devel
> > 
> 
> 
> 
> ---------------------------------------------
> This message was sent using Voicenet WebMail.
>       http://www.voicenet.com/webmail/
> 
> 
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-devel mailing list