[Snort-users] barnyard-0.1.0beta4

Chris Green cmg at ...671...
Fri Feb 22 07:16:26 EST 2002


bthaler at ...2720... writes:

> Demarc uses a different database structure than Acid.
>

For demarc/acid specific stuff... ok. I'm not positive that demarc
existed at the time of that plugin creation.  

> The comments for the Acid output plugin in the barnyard.conf file
>state: "Used to output data into the db schema used by ACID"
>
> While I have not actually verified this, I assume it's referring to
> Acid's schema, and not some generic schema. 

It was called ACID because acid and the that database format are
fairly closely coupled from a maintence standpoint.

> If, on the other hand, this output plugin writes to the generic
> snort tables present in both Acid and Demarc, then that's a
> different story.  Again, I'm going to assume that "Used to output
> data into the db schema used by ACID" means just that.  If this is
> not the case, then I suggest that someone either correct the
> comments in barnyard.conf, or rename the plugin.

The comments probably should be corrected...

>
> Anyway, I'm just trying to verify where this plugin actually writes
> to (db tables) without having to install, configure and run it
> myself.

grep INSERT op_acid_db.c.. Do any of those not work for demarc?
-- 
Chris Green <cmg at ...671...>
"Yeah, but you're taking the universe out of context."




More information about the Snort-users mailing list