cmg at ...671...
Fri Feb 22 07:16:26 EST 2002
bthaler at ...2720... writes:
> Demarc uses a different database structure than Acid.
For demarc/acid specific stuff... ok. I'm not positive that demarc
existed at the time of that plugin creation.
> The comments for the Acid output plugin in the barnyard.conf file
>state: "Used to output data into the db schema used by ACID"
> While I have not actually verified this, I assume it's referring to
> Acid's schema, and not some generic schema.
It was called ACID because acid and the that database format are
fairly closely coupled from a maintence standpoint.
> If, on the other hand, this output plugin writes to the generic
> snort tables present in both Acid and Demarc, then that's a
> different story. Again, I'm going to assume that "Used to output
> data into the db schema used by ACID" means just that. If this is
> not the case, then I suggest that someone either correct the
> comments in barnyard.conf, or rename the plugin.
The comments probably should be corrected...
> Anyway, I'm just trying to verify where this plugin actually writes
> to (db tables) without having to install, configure and run it
grep INSERT op_acid_db.c.. Do any of those not work for demarc?
Chris Green <cmg at ...671...>
"Yeah, but you're taking the universe out of context."
More information about the Snort-users