[Snort-users] Barnyard/acid reconfigure question

Henning, David henningd at ...7800...
Thu Dec 19 05:57:02 EST 2002


Excellent explanation!  Thank you!

Dave

-----Original Message-----
From: Jens Krabbenhoeft

Hi,

> What am I missing on how to assign this number and keep it consistent?

op_acid_db.c:

  /* if sensor id == 0, then we attempt attempt to determine it
dynamically */
  if(data->sensor_id == 0)
  {
      data->sensor_id = AcidDbGetSensorId(data);
  }

And AcidDbGetSensorId does the following:

  "SELECT sid FROM sensor WHERE hostname='%s' AND interface='%s' "
  "AND filter='%s' AND detail='%u' AND encoding='0'", pv.hostname,
  pv.interface, pv.filter, op_data->detail)

If it gets a sensor back, it uses that sensor_id, if not, it inserts the
new sensor.

So from the code, to keep it consistent, don't change the hostname /
interface / filter and detail.

Hope that helps,

	Jens

BTW: It works for me. Changing any of these values inserts a new sensor,
chaning nothing doesn't do anything to the sensor-table.


-------------------------------------------------------
This SF.NET email is sponsored by: Order your Holiday Geek Presents Now!
Green Lasers, Hip Geek T-Shirts, Remote Control Tanks, Caffeinated Soap,
MP3 Players,  XBox Games,  Flying Saucers,  WebCams,  Smart Putty.
T H I N K G E E K . C O M       http://www.thinkgeek.com/sf/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list