[Snort-users] ACID Archiving on Postgresql

leE lee at ...3342...
Thu Sep 6 19:03:03 EDT 2001


On Thu, Sep 06, 2001 at 01:13:51PM -0400, Fraser Hugh wrote:
> It appears that the pre-processors do not include a sig_class_id or
> sig_priority. If specified in the insert statement, they're required to be
> int8 values, but they're not required fields. However, the archive code
> explicitly copies these values over, and postgres balks because the fields
> aren't int8.
> 
> There's a few solutions, probably in order of preference, but I'm not one
> for the developers and don't understand the implications. 
> 1. Change the archiving code to exclude NULL fields. 
> 2. Change the plugins to include a non-NULL value for these fields. 
> 3. Add a trigger to the signature table to force a value for the fields. Not
> having the time to dig through the code, this was my quick solution.

I've attached a patch for acid_common.inc - it lacks any kind of
grace or finesse, but it does sort the problem out ;)

  Lee

-- 
Lee Brotherston - <lee at ...3342...>
http://www.nerds.org.uk
-------------- next part --------------
*** 916,925 ****
--- 922,938 ----
       if ( $sig_id == "" )
       {
          if ( $db->acidGetDBVersion() >= 103 )
+               if($sig_class_id && $sig_priority) {
                        $sql = "INSERT INTO signature ".
                                "(sig_name, sig_class_id, sig_priority, sig_rev, sig_sid) ".
                                "VALUES ('$sig_name','".$sig_class_id."', '".$sig_priority."',
".
                                "'".$sig_rev."', '".$sig_sid."')";
+               } else {
+                       $sql = "INSERT INTO signature ".
+                                 "(sig_name, sig_rev, sig_sid) ".
+                                 "VALUES ('$sig_name', ".
+                                 "'".$sig_rev."', '".$sig_sid."')";
+               }
          else
             $sql = "INSERT INTO signature (sig_name) VALUES ('".$sig_name."')";
          $db2->acidExecute($sql);
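Review bot: The added condition `if($sig_class_id && $sig_priority)` tests PHP truthiness rather than "is this field set", so a legitimate value of 0 (or the string "0") in either field takes the else branch, and a row with only one of the two fields empty loses both columns. Compare each field against the empty string or NULL explicitly, and build the column list per field so that a present sig_class_id is still archived when sig_priority is missing. The new inner if/else also sits unbraced between `if ( $db->acidGetDBVersion() >= 103 )` and its `else`; it parses as intended, but wrapping the outer branch in braces would keep a later edit from re-pairing the `else`. The new INSERT copies the existing pattern of concatenating `$sig_name`, `$sig_rev` and `$sig_sid` straight into the SQL string; since sig_name comes from alert data, it should be escaped before it is placed in the statement. Finally, the VALUES line in the first branch appears to have been wrapped by the mail client, leaving a `".` on a line of its own, so the patch may not apply cleanly as posted.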
***************


