[Snort-users] acid 0.9.6b9

Blake Frantz blake at ...319...
Fri Jun 22 20:34:12 EDT 2001

To quote Jed Pickel in the document found at:

The database schema is going to grow and improve over time. Keep this in
mind as you develop applications based on this schema.

The fields ip_src1, ip_src2, ip_src3, ip_src4, ip_dst1, ip_dst2, ip_dst3,
ip_dst4 are going to be removed in the next major release of the database
schema after snort 1.7 is released; therefore, you will need to use the
fields ip_src and ip_dst to obtain IP information. Info on the best ways
to do this will be posted here when I get around to it.

To normalize the database schema I plan to make a table called signature
that has an integer and a text string. The signature field in the event
table will then be replaced by a reference number to this signature table.

Hope this helps.


The Government, like diapers, should be replaced regularly, and
often for the same reasons. 

On Fri, 22 Jun 2001, Dan Fiorito wrote:

> Hi all:
> just built snort 1.8 beta 6 from CVS, is the new DB Schema (103) compatible
> with acid 6b9?
> I get the following error when I try to look at any data.
> Query execution error: 
> Database ERROR:Unknown column 'ip_src0' in 'field list'
> Thanks,
> Dan

More information about the Snort-users mailing list