[Snort-users] NEW db & ACID

roman at ...438... roman at ...438...
Fri Mar 23 15:57:44 EST 2001


Oops.  I guess I should be doing case-insensitive comparison.
I have re-built the 0.9.6b6 tarball (this time using strncasecmp)

cheers,
Roman

> line 380 in acid_common.php should read
> if ($ref_system == "arachnids")
> 
> not 
> 
> if ($ref_system == "arachNIDS")
> 
> other than that, cool.
> 
> Steve
> 
> > -----Original Message-----
> > From: roman at ...438... [mailto:roman at ...438...]
> > Sent: Friday, March 23, 2001 8:30 AM
> > To: Steve Halligan
> > Subject: RE: [Snort-users] NEW db & ACID
> > 
> > 
> > FYI: it is done => 0.9.6b6
> > 
> > cheers,
> > Roman
> > 
> > > Short answer:  Wait a bit.  Roman is working on making 
> > these changes to
> > > acid.  I looked through it and the changes needed are 
> > fairly extensive.  If
> > > you use Brian Caswell's "ghetto" patch and the old db 
> > struct, acid will work
> > > as it always did.  If you use the new db struct, acid still 
> > works, but you
> > > only see a number for the sig description.  I did a quick 
> > hack to acid to
> > > get the full sig name to show up in the main alert view, 
> > and could provide
> > > it if anyone wants.  But it is just a hack and does not 
> > take care of 99% of
> > > the changes to the db struct.
> > > 
> > > -Steve
> > > 
> > > > -----Original Message-----
> > > > From: F.M. Taylor [mailto:root at ...28...]
> > > > Sent: Friday, March 23, 2001 9:58 AM
> > > > To: snort-users at lists.sourceforge.net
> > > > Subject: [Snort-users] NEW db & ACID
> > > > 
> > > > 
> > > > Sorry if I have not been paying attention lately.  Upgraded 
> > > > to the latest
> > > > CVS this morning, reloaded the database stuff.  Now what do I 
> > > > have to do
> > > > to ACID to make it work with the new db??
> > > > 
> > > > TIA
> > > > 
> > > > ---
> > > > Mike Taylor
> > > > Coordinator of Systems Administration and Network Security
> > > > Indiana State University.               Rankin Hall Rm 039
> > > > 210 N 7th St.                           Terre Haute, IN.
> > > > Voice: 812-237-8843                                  47809
> > > > ---
> > > > "You have zero privacy anyway.  Get over it."
> > > >            --Scott McNealy, Sun MicroSystems. 
> > > > 
> > > > 
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users at lists.sourceforge.net
> > > > Go to this URL to change user options or unsubscribe:
> > > > http://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > > 
> > > 
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > http://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > 
> > 
> > 
> > 
> > ---------------------------------------------
> > This message was sent using Voicenet WebMail.
> >       http://www.voicenet.com/webmail/
> > 
> > 
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list