[Snort-users] Help with ACID and timestamps

Steve Halligan agent33 at ...187...
Fri Jan 12 10:08:38 EST 2001


What version of ACID are you using?  Are the timestamps saved correctly in
the database? (use command line mysql, or a GUI mysql client (e.g. kMySQL))

If you are using the version from incident, try this newer one:
http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html

> -----Original Message-----
> From: Mitch Thompson [mailto:mitchthompson at ...539...]
> Sent: Friday, January 12, 2001 6:06 AM
> To: Snort-Users List
> Subject: [Snort-users] Help with ACID and timestamps
> 
> 
> Need some help, and don't seem to be able to find the info anywhere
> else.  
> 
> I have snort 1.7 compiled and running on an Alpha Multia w/RH6.2.  This is
> my firewall/NAT box from my home network to the net.  Snort compiles fine,
> except for a few warnings.  I have it configured to log everything to a
> MySQL database on an internal network box, which it is doing.  Then, I am
> using ACID to access the database.  Everything looks good EXCEPT the date
> and time for each record is always 0000-00-00/00:00:00.
> 
> Entries in /var/log/snort/alert don't have a recognizable date entry, at
> least not to me:
> 
> [**]  ICMP Destination Unreachable [**]
> 11/16-00:24:03.000370 24.xx.xxx.xxx -> 24.xx.xxx.xxx
> -----
>   |
>   ----Is this supposed to be the format for the date?
> 
> 
> ICMP TTL:255 TOS:0xC0 ID:21176 IpLen:20 DgmLen:356
> Type:3 Code:3  DESTINATION UNREACHABLE:  PORT UNREACHABLE
> ...
> 
> I can attach a copy of a short ACID query if it helps.
> 
> Sorry if this is in a FAQ somewhere.  I spent about an hour yesterday
> searching through Snort, ACID, and the page at incident.org for the
> database plugin.
> 
> Thanks in advance.
> 
> --
> Mitch Thompson, San Antonio TX