[Snort-users] Help with ACID and timestamps
mitchthompson at ...539...
Fri Jan 12 07:05:43 EST 2001
Need some help, and don't seem to be able to find the info anywhere
I have snort 1.7 compiled and running on an Alpha Multia w/RH6.2. This is my firewall/NAT box from my home network to the net. Snort compiles except for a few warnings. I have it configured to log everything to a MySQL database on an internal network box, which it is doing. Then, I am using ACID to access the database. Everything looks good EXCEPT the date and time for each record is always 0000-00-00/00:00:00.
Entries in /var/log/snort/alert don't have a recognizable date entry, at least not to me:
[**] ICMP Destination Unreachable [**]
11/16-00:24:03.000370 24.xx.xxx.xxx -> 24.xx.xxx.xxx
----Is this supposed to be the format for the date?
ICMP TTL:255 TOS:0xC0 ID:21176 IpLen:20 DgmLen:356
Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE
I can attach a copy of a short ACID query if it helps.
Sorry if this is in a FAQ somewhere. I spent about an hour yesterday looking through Snort, ACID, and the page at incident.org for the database
Thanks in advance.
Mitch Thompson, San Antonio TX
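For readers who, like the poster, wonder how the `11/16-00:24:03.000370` header in the text alert file maps to a date: the following is an added example (not from the post, Snort, or ACID) that parses that alert header into a full datetime and a MySQL DATETIME literal. It assumes the alert header format shown above (month/day-hour:min:sec.microseconds, no year), so the year must be supplied by the caller; the IP addresses are constructed documentation addresses standing in for the x'd-out ones.

```python
import re
from datetime import datetime

# Constructed sample: the alert block quoted in the post, with the x'd-out
# addresses replaced by documentation addresses (TEST-NET-1) so it parses.
SAMPLE_ALERT = """[**] ICMP Destination Unreachable [**]
11/16-00:24:03.000370 192.0.2.10 -> 192.0.2.20
ICMP TTL:255 TOS:0xC0 ID:21176 IpLen:20 DgmLen:356
Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE
"""

# Snort text alert header: MM/DD-HH:MM:SS.microseconds, then "src -> dst".
# The timestamp carries no year, so the caller has to provide one.
HEADER_RE = re.compile(
    r"^(?P<mon>\d{2})/(?P<day>\d{2})-(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})"
    r"\.(?P<us>\d{6})\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)
SIG_RE = re.compile(r"^\[\*\*\]\s+(?P<sig>.+?)\s+\[\*\*\]$")


def parse_alert(text: str, year: int) -> dict:
    """Turn one Snort text alert block into a record with a full datetime.

    `year` is an assumption made by this example: the alert file does not
    record it, so the caller takes it from context (e.g. the file's mtime).
    """
    lines = [ln.strip() for ln in text.strip().splitlines()]
    sig = SIG_RE.match(lines[0])
    hdr = HEADER_RE.match(lines[1])
    if not sig or not hdr:
        raise ValueError("not a Snort text alert block")
    g = hdr.groupdict()
    ts = datetime(year, int(g["mon"]), int(g["day"]),
                  int(g["h"]), int(g["m"]), int(g["s"]), int(g["us"]))
    return {
        "signature": sig["sig"],
        "timestamp": ts,
        # MySQL DATETIME literal, for comparison with the all-zero value
        # the post reports seeing in ACID.
        "mysql_datetime": ts.strftime("%Y-%m-%d %H:%M:%S"),
        "src": g["src"],
        "dst": g["dst"],
    }


if __name__ == "__main__":
    print(parse_alert(SAMPLE_ALERT, 2000))
```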