[Snort-users] Help with ACID and timestamps

Mitch Thompson mitchthompson at ...539...
Fri Jan 12 07:05:43 EST 2001


Need some help, and don't seem to be able to find the info anywhere else.

I have snort 1.7 compiled and running on an Alpha Multia w/RH6.2.  This is my firewall/NAT box from my home network to the net.  Snort compiles fine, except for a few warnings.  I have it configured to log everything to a MySQL database on an internal network box, which it is doing.  Then, I am using ACID to access the database.  Everything looks good EXCEPT the date and time for each record is always 0000-00-00/00:00:00.

Entries in /var/log/snort/alert don't have a recognizable date entry, at
least not to me:

[**]  ICMP Destination Unreachable [**]
11/16-00:24:03.000370 24.xx.xxx.xxx -> 24.xx.xxx.xxx
-----
  |
  ----Is this supposed to be the format for the date?


ICMP TTL:255 TOS:0xC0 ID:21176 IpLen:20 DgmLen:356
Type:3 Code:3  DESTINATION UNREACHABLE:  PORT UNREACHABLE
...

I can attach a copy of a short ACID query if it helps.

Sorry if this is in a FAQ somewhere.  I spent about an hour yesterday searching through Snort, ACID, and the page at incident.org for the database plugin.

Thanks in advance.

--
Mitch Thompson, San Antonio TX
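For readers wondering about the same line: the `11/16-00:24:03.000370` field in Snort's alert file is Snort's own timestamp layout, month/day-hour:minute:second.microseconds, with no year. The following is an added example (not from the post above, and not part of Snort or ACID) that parses such alert headers and formats the timestamp as a MySQL-style `YYYY-MM-DD HH:MM:SS` string. Because the alert line carries no year, the caller supplies one; the sample alert text, the year 2000 and the 192.0.2.x addresses are constructed for the example.

```python
import re
from datetime import datetime

# Snort alert header line: "MM/DD-HH:MM:SS.usec SRC -> DST" (no year field).
_ALERT_RE = re.compile(
    r"^(?P<month>\d{2})/(?P<day>\d{2})-"
    r"(?P<hour>\d{2}):(?P<minute>\d{2}):(?P<second>\d{2})\.(?P<usec>\d{6})\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


def parse_alert_line(line, year):
    """Parse one Snort alert header line into (datetime, src, dst).

    Snort omits the year, so the caller supplies it (for instance the year
    the alert file was written). Returns None if the line is not a header.
    """
    m = _ALERT_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime(year, int(m["month"]), int(m["day"]),
                  int(m["hour"]), int(m["minute"]), int(m["second"]),
                  int(m["usec"]))
    return ts, m["src"], m["dst"]


def to_mysql_datetime(ts):
    """Format a datetime as YYYY-MM-DD HH:MM:SS for a DATETIME column."""
    return ts.strftime("%Y-%m-%d %H:%M:%S")


def parse_alert_file(text, year):
    """Walk an alert file and return one record per alert.

    A "[**] message [**]" line names the alert; the next header line that
    parses supplies its timestamp and addresses. Other lines (TTL, Type/Code,
    separators) are skipped.
    """
    records = []
    message = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[**]"):
            message = line.strip("[*] ").strip()
            continue
        parsed = parse_alert_line(line, year)
        if parsed is not None:
            ts, src, dst = parsed
            records.append({"message": message, "timestamp": ts,
                            "mysql_timestamp": to_mysql_datetime(ts),
                            "src": src, "dst": dst})
    return records


# Constructed sample in the same layout as the alert quoted in the post
# (documentation-range addresses instead of the masked real ones).
SAMPLE_ALERT = """\
[**]  ICMP Destination Unreachable [**]
11/16-00:24:03.000370 192.0.2.10 -> 192.0.2.20
ICMP TTL:255 TOS:0xC0 ID:21176 IpLen:20 DgmLen:356
Type:3 Code:3  DESTINATION UNREACHABLE:  PORT UNREACHABLE
"""

if __name__ == "__main__":
    for rec in parse_alert_file(SAMPLE_ALERT, year=2000):  # assumed year
        print(rec)
```

If the year is wrong for an alert (a file that spans a New Year, for example), every derived DATETIME value will be off by a year, so it is worth choosing the year from the file's own modification time or from a known rotation schedule rather than hard-coding it.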