[Snort-users] ACID and schema 104

Andrew R. Baker andrewb0x29a at ...131...
Wed Oct 17 11:01:10 EDT 2001


This is probably caused by a minor difference between the barnyard and
snort db plugins.  The snort db plugin will automagically create a sensor
id based on runtime parameters.  Since barnyard does not have knowledge of
how snort was run, you have to configure the sensor id in barnyard.conf. 
ACID probably needs to have the sensor id added to the database, but
AFAIK, there is no mechanism in ACID for manually creating a sensor.  I
will be checking a script into barnyard CVS to handle this later this
week.

-A


--- Jason Lewis <jlewis at ...2449...> wrote:
> While trying to figure out my problems with barnyard, I upgraded to
> schema
> 104.  I am wondering if that is my problem.  Data is being inserted into
> the
> DB, but ACID is only graphing the data.  None of the other fields are
> updated.
> 
> I decided to blow it all away and start from scratch with the cvs
> versions
> of ACID and snort.  I created the DB and ACID reports it is schema 104,
> but
> it still doesn't update the fields, Unique Alerts, Total Number of
> Alerts,
> etc.
> 
> So, it looks like barnyard is working, but my problem may be with
> ACID.....
> I am probably overlooking something...any ideas?
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com




More information about the Snort-users mailing list