[Snort-users] MySQL signatures escaped unneccesarily?

Rick Johnson rjohnson at ...11181...
Tue Feb 10 20:35:05 EST 2004

I've got Snort 2.1.0 running under Fedora Core 1, logging to a MySQL 
4.0.17 database. I've also got ACID running for reporting. So far, so good.

All's well except that certain events appear to be uneccesarily escaped 
- for instance spp_portscan appears as spp\_portscan within the 
database. This causes ACID to miss the portscan reports completely, or 
at least miscategorize them.

I've attempted to modify ACID code, but it seems the real problem is the 
new escaping code for databases (MySQL).

Is this something that was fixed in 2.1.1RC1? Is it something that can 
be disabled?


Rick Johnson, RHCE #807302311706007 - rjohnson at ...11181...
Linux/Network Administrator - Medata, Inc. (from home)
PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc

More information about the Snort-users mailing list