[Snort-users] Archiving support in Acid 0.9.6b10

roman at ...438... roman at ...438...
Thu Jun 21 13:53:16 EDT 2001


[Note: I did not cross post on snort-devel at ...2158...]

> Problem 1:
> If I use the "Archive Alert(s) - copy" with any alert..
> 
> Database ERROR:Unknown column 'ip_src0' in 'field list'

A minor tweak was needed (and is now committed into CVS)
to prevent the archiving process from reading these fields.
One of the modifications to the DB schema in v103 was the
removal of these fields.
 
> Question 1:
> 
> The archive database have to have another schema or is the same? It
> that it's not finding some items in a table.

No.  The archive DB schema should match the original alert DB
schema.
 
> Problem 2:
> If I use the "Archive Alert(s) - move" with any alert..
> 
> 'archive_alert2' is an invalid action  (and then the search page)

Another oversight.  All the necessary code was not committed.

Thanks,
Roman


