[Snort-users] ACID Archiving on Postgresql

roman at ...438... roman at ...438...
Fri Sep 7 11:00:03 EDT 2001


A fix implementing a combination of option 1 and 2 suggested
below has been committed to CVS.

Roman.

On Fri, 7 Sep 2001, leE wrote:

> On Thu, Sep 06, 2001 at 01:13:51PM -0400, Fraser Hugh wrote:
> > It appears that the pre-processors do not include a sig_class_id or
> > sig_priority. If specified in the insert statement, they're required to be
> > int8 values, but they're not required fields. However, the archive code
> > explicitly copies these values over, and postgres balks because the fields
> > aren't int8.
> >
> > There's a few solutions, probably in order of preference, but I'm not one
> > for the developers and don't understand the implications.
> > 1. Change the archiving code to exclude NULL fields.
> > 2. Change the plugins to include a non-NULL value for these fields.
> > 3. Add a trigger to the signature table to force a value for the fields. Not
> > having the time to dig through the code, this was my quick solution.
>
> I've attached a patch for acid_common.inc - it lacks any kind of
> grace or finesse, but it does sort the problem out ;)
>
>   Lee
>
>



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list