[Snort-users] Barnyard/acid reconfigure question

Jens Krabbenhoeft tschenz-snort-users at ...7018...
Thu Dec 19 00:04:03 EST 2002


Hi,

> What am I missing on how to assign this number and keep it consistent?

op_acid_db.c:

  /* if sensor id == 0, then we attempt attempt to determine it dynamically */
  if(data->sensor_id == 0)
  {
      data->sensor_id = AcidDbGetSensorId(data);
  }

And AcidDbGetSensorId does the following:

  "SELECT sid FROM sensor WHERE hostname='%s' AND interface='%s' "
  "AND filter='%s' AND detail='%u' AND encoding='0'", pv.hostname,
  pv.interface, pv.filter, op_data->detail)

If it gets a sensor back, it uses that sensor_id; if not, it inserts the
new sensor.

So from the code, to keep it consistent, don't change the hostname /
interface / filter and detail.

Hope that helps,

	Jens

BTW: It works for me. Changing any of these values inserts a new sensor,
changing nothing doesn't do anything to the sensor-table.
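
The lookup-or-insert behaviour described in the message above, as an added example that is not part of the original post and is not Barnyard's own code. It assumes a simplified `sensor` table in an in-memory SQLite database holding only the columns named in the quoted query; the function names and sample values are hypothetical.

```python
import sqlite3

# Simplified stand-in for the ACID "sensor" table: only the columns named in
# the quoted query (assumed schema, not the real ACID DDL).
SCHEMA = """
CREATE TABLE sensor (
    sid       INTEGER PRIMARY KEY AUTOINCREMENT,
    hostname  TEXT,
    interface TEXT,
    filter    TEXT,
    detail    INTEGER,
    encoding  INTEGER
)
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def get_sensor_id(db, hostname, interface, bpf_filter, detail, configured_sid=0):
    """A non-zero configured id is used as-is (the quoted sensor_id == 0 check);
    otherwise the sensor is looked up by its attributes and inserted if absent."""
    if configured_sid != 0:
        return configured_sid
    key = (hostname, interface, bpf_filter, detail)
    row = db.execute(
        "SELECT sid FROM sensor WHERE hostname=? AND interface=? "
        "AND filter=? AND detail=? AND encoding=0", key).fetchone()
    if row:
        return row[0]
    cur = db.execute(
        "INSERT INTO sensor (hostname, interface, filter, detail, encoding) "
        "VALUES (?, ?, ?, ?, 0)", key)
    db.commit()
    return cur.lastrowid

def sensor_count(db):
    return db.execute("SELECT COUNT(*) FROM sensor").fetchone()[0]

if __name__ == "__main__":
    db = open_db()
    # Constructed sample values, not taken from a real deployment.
    first = get_sensor_id(db, "ids1", "eth0", "", 1)
    again = get_sensor_id(db, "ids1", "eth0", "", 1)    # restart, nothing changed
    moved = get_sensor_id(db, "ids1", "eth1", "", 1)    # interface changed
    print(first, again, moved, sensor_count(db))
```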
