[Snort-users] Re: Does ACID extend the structure of SNORT Log DataBase?

Roman Danyliw roman at ...438...
Thu Sep 14 08:55:31 EDT 2000


Xu Zhenqing,

The quick answer is that ACID does not yet extend the Snort log database
format.  However, in the next version it will.

I suspect the problem you are experiencing is due to the fact that you are
using an older version of Snort.  ACID requires Snort 1.7-beta0 or
later; that is to say, you can only get this version from CVS right
now.  Since Snort 1.6.3, the DB format has changed significantly offering
many advantages.  ACID exploits these new structures.  I strongly suggest
you upgrade your version of Snort.

There has been a new release of ACID (v0.9.3) that fixed some bugs and 
will verify your database version.  It is currently only on the mirror
site:

http://www.andrew.cmu.edu/~rdanyliw/snort/
download: http://www.andrew.cmu.edu/~rdanyliw/snort/acid.0.9.3.tar.gz  

It will be migrated to the primary site shortly:

http://www.cert.org/kb/acid/

If you continue having problems, let me know.  Please keep the feedback
coming!

cheers,
Roman

On Thu, 14 Sep 2000, Xu Zhenqing wrote:

>
> Sorry for my poor English,
>
>   I download one copy of ACID and install on my linux box with snort-1.6.3.
> I have found that ACID want to pick up some fields even tables (for instance:
> 'data' table) that don't exist in MySQL which snort logs into.
>   How can I do with it?
>
>
>             Xu Zhenqing
>             xuzq at ...452...