[Snort-users] snort 2.0 mysql logging &'s >'s and <'s

michaeltone1975 michaeltone1975 at ...8897...
Thu May 8 05:53:35 EDT 2003


Hi,

Snort 2.0 final using mysql and pcap 0.7.2.

its logging the the database, however all rules were working, however 
now it is only logging '>' '<' and '&' characters in the data_payload

any ideas?

much appreciated..

details here:

mysql> select * from data where cid = 864;
+-----+-----+--------------+
| sid | cid | data_payload |
+-----+-----+--------------+
|   1 | 864 | <         |
+-----+-----+--------------+
1 row in set (0.01 sec)

mysql> select * from event where cid = 864;
+-----+-----+-----------+---------------------+
| sid | cid | signature | timestamp           |
+-----+-----+-----------+---------------------+
|   1 | 864 |         4 | 2003-05-08 22:09:50 |
+-----+-----+-----------+---------------------+
1 row in set (0.00 sec)

mysql> select * from signature where sig_id = 4;
+--------+---------------------------------+--------------+-------------
-+---------+---------+
| sig_id | sig_name                        | sig_class_id | 
sig_priority | sig_rev | sig_sid |
+--------+---------------------------------+--------------+-------------
-+---------+---------+
|      4 | MS-SQL Worm propagation attempt |           11 |            
2 |       2 |    2003 |
+--------+---------------------------------+--------------+-------------
-+---------+---------+
1 row in set (0.00 sec)


----------------
Powered by telstra.com

 





More information about the Snort-users mailing list