[Snort-users] Barnyard not inserting on ACID tables in MySQL, just regular snort ones
Dirk_Geschke at ...1344...
Wed Sep 1 00:45:11 EDT 2004
> I don't know why, but barnyard is not inserting on ACID tables in
> MySQL, and ACID does not show any alert.
> I'm pretty sure of:
> - snort is logging alerts correctly to unified log files
> - barnyard is being able to read them and...
> - ... it is connecting to mysql correctly and....
> - it is inserting only on tables event,iphdr,tcphdr,data
> Don't know why:
> - barnyard is not inserting on acid specific tables (it must be
> because of this that ACID does not shows anything!)
that is easy to explain: Only ACID fills the acid tables...
The acid output plugin of barnyard is used to fill the database
scheme which is used by acid. The acid tables are extensions made
by acid to the database and is mainly used for caching or building
up alert groups within acid.
So don't blame barnyard for this...
More information about the Snort-users