[Snort-users] MySQL signatures escaped unneccesarily?
rjohnson at ...11181...
Tue Feb 10 20:35:05 EST 2004
I've got Snort 2.1.0 running under Fedora Core 1, logging to a MySQL
4.0.17 database. I've also got ACID running for reporting. So far, so good.
All's well except that certain events appear to be uneccesarily escaped
- for instance spp_portscan appears as spp\_portscan within the
database. This causes ACID to miss the portscan reports completely, or
at least miscategorize them.
I've attempted to modify ACID code, but it seems the real problem is the
new escaping code for databases (MySQL).
Is this something that was fixed in 2.1.1RC1? Is it something that can
Rick Johnson, RHCE #807302311706007 - rjohnson at ...11181...
Linux/Network Administrator - Medata, Inc. (from home)
PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc
More information about the Snort-users