[Snort-users] acid 0.9.6b9

Blake Frantz blake at ...319...
Fri Jun 22 20:34:12 EDT 2001


To quote Jed Pickel in the document found at:
 	http://www.incident.org/snortdb/

<quote>
The database schema is going to grow and improve over time. Keep this in
mind as you develop applications based on this schema.

The fields ip_src1, ip_src2, ip_src3, ip_src4, ip_dst1, ip_dst2, ip_dst3,
ip_dst4 are going to be removed in the next major release of the database
schema after snort 1.7 is released; therefore, you will need to use the
fields ip_src and ip_dst to obtain IP information. Info on the best ways
to do this will be posted here when I get around to it.

To normalize the database schema I plan to make a table called signature
that has an integer and a text string. The signature field in the event
table will then be replaced by a reference number to this signature table.
</quote>

Hope this helps.

-Blake

================================================================= 
The Government, like diapers, should be replaced regularly, and
often for the same reasons. 

On Fri, 22 Jun 2001, Dan Fiorito wrote:

> Hi all:
>  
> just built snort 1.8 beta 6 from CVS, is the new DB Schema (103) compatible
> with acid 6b9?
>  
> I get the following error when I try to look at any data.
>  
>  
> Query execution error: 
> Database ERROR:Unknown column 'ip_src0' in 'field list'
>  
>  
>  
> Thanks,
> Dan
> 





More information about the Snort-users mailing list