[Snort-users] logging to MySql....stumped
srenna at ...9588...
Tue Jul 22 05:33:21 EDT 2003
Would I have better luck dumping it to a PostgreSQL database? I've
noticed in Barnyard's output when it doesn't have anything it's picking
up, entries are just shown as time 00:00:00. I forget the date that it
defaults to but it's definitely not the current one.
I'm going to try this patch out and let you know on the results.
Head Systems Administrator
Dynamic Animation Systems
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Chris
Sent: Tuesday, July 22, 2003 7:53 AM
To: Scott Renna
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] logging to MySql....stumped
Scott Renna wrote:
> Now that I've gotten some help in editing configure.in in Barnyard to
> work with MySQLServer 4.0....it's up and running and seems to be doing
> its job. It's no longer producing any errors however, it doesn't look
> like it's actually logging to ACID. I've run a few port scans and
> snort is picking up the scans and creating alert and log files. ACID
> is not displaying the result however.
I've submitted this information to Andrew and Marty, so hopefully it
will be corrected in future releases.
Anyway, i had the same problem, and after closer examination i found
that "zero" dates/times were being inserted into the database.
This happens (from what i've gathered) because the date/time string that
barnyard inserts, isn't compatible with MySQLs 'DATETIME' datatype,
resulting in an error, and MySQL ends up inserting 'null' date strings
(which is why - i think - you dont see anything in acid, as all the
events occurred on 00-00-0000 at 00:00!) ;)
The following trivial patch should get it going (hopefully it's not
line-wrapped beyond recognition):
--- barnyard-0.1.0/src/util.c.orig 2003-07-20 10:46:43.000000000
+++ barnyard-0.1.0/src/util.c 2003-07-20 10:46:51.000000000 +1000
@@ -508,7 +508,7 @@
lt = localtime(&timet);
- return strftime(timebuf, len, "%Y-%m-%d %H:%M:%S %z", lt);
+ return strftime(timebuf, len, "%Y-%m-%d %H:%M:%S%z", lt);
lt = gmtime(&timet);
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users