[Snort-users] Barnyard not inserting on ACID tables in MySQL, just regular snort ones

Dirk Geschke Dirk_Geschke at ...1344...
Wed Sep 1 00:45:11 EDT 2004


Hi Pedro,

> I don't know why, but barnyard is not inserting on ACID tables in
> MySQL, and ACID does not show any alert.
> 
> I'm pretty sure of:
> - snort is logging alerts correctly to unified log files
> - barnyard is being able to read them and...
> - ... it is connecting to mysql correctly and....
> - it is inserting only on tables event,iphdr,tcphdr,data
> 
> Don't know why:
> - barnyard is not inserting on acid specific tables (it must be
> because of this that ACID does not shows anything!)

that is easy to explain: Only ACID fills the acid tables...

The acid output plugin of barnyard is used to fill the database
scheme which is used by acid. The acid tables are extensions made
by acid to the database and is mainly used for caching or building
up alert groups within acid.

So don't blame barnyard for this...

Best regards

Dirk





More information about the Snort-users mailing list