[Snort-users] Snort My SQL DB

Arun Saini mailarunsaini at ...11827...
Thu Jun 23 12:35:28 EDT 2016


Hi,
Please guide why some packets are not going into acid_event?
Already shared screen shots!!!

Sincerely,

Arun Saini
http://about.me/arun.saini
Mobile :+91-9890738762


On 23 Jun 2016 9:43 pm, "Joel Esler (jesler)" <jesler at ...589...> wrote:

> Yes, you need that table. It's required by Base.
>
>
> --
> *Joel Esler*
> Manager, Talos Group
>
>
>
>
> On Jun 23, 2016, at 6:37 AM, Arun Saini <mailarunsaini at ...11827...> wrote:
>
> Hi,
>
> we are using Barnyard2 version 2.1.13<build 327> and attached error
> screen shot for information,
>
>  snort version 2.9.5.5 GRE [build 205]
> libpcap version 1.3.0
> PCRE 8.30 2012-02-04
> Zlib 1.2.7
>
> MySQL snort database tables,
>
> mysql> show tables;
> +------------------+
> | Tables_in_snort  |
> +------------------+
> | acid_ag          |
> | acid_ag_alert    |
> | acid_event       |
> | acid_ip_cache    |
> | base_roles       |
> | base_users       |
> | data             |
> | detail           |
> | encoding         |
> | event            |
> | icmphdr          |
> | iphdr            |
> | opt              |
> | reference        |
> | reference_system |
> | schema           |
> | sensor           |
> | sig_class        |
> | sig_reference    |
> | signature        |
> | tcphdr           |
> | udphdr           |
> +------------------+
> Do we need the acid_event table in our database? Or please suggest
> whether we actually require "acid_ag, acid_ag_alert, acid_event,
> acid_ip_cache" in our database?
> It is the table where the screen shot is saying that the events have not
> found their way...
> Surely we will upgrade our Snort, but we just want to diagnose why this error
> is coming on screen.
>
>
> Sincerely,
> Arun Saini
> Mobile :+91-9890738762
>
> On 23 June 2016 at 07:33, Joel Esler (jesler) <jesler at ...589...> wrote:
>
>> It would help us tremendously if you could tell us what version of
>> Barnyard2 you are using, what error you are receiving, and even, if you
>> could update your version of Snort, to something that is supported, that'd
>> be great too.
>>
>> --
>> *Joel Esler*
>> Manager, Talos Group
>> Sent from my iPad
>>
>> On Jun 22, 2016, at 9:24 PM, Arun Saini <mailarunsaini at ...11827...> wrote:
>>
>> Hi,
>> Can anyone help me to know the table names under the MySQL DB for Snort from
>> where Base reads the data? Actually, I have tables named acid_events and
>> acid_cache where some of the records/data failed to insert, and on the Base
>> screen I get a notification, i.e. "alerts have NOT found their way into acid".
>> Please see the attached screen; requesting you to please help us resolve
>> the issue.
>>
>> we are using snort version 2.9.5.5 GRE [build 205]
>>
>> libpcap version 1.3.0
>>
>> PCRE 8.30 2012-02-04
>>
>> Zlib 1.2.7
>>
>> I can provide the screen shot if required!!!
>>
>> Sincerely,
>>
>> Arun Saini
>> Mobile :+91-9890738762
>>
>>
>>
>
> <not found the way to acid events.png><alerts have NOT found their way
> into acid.png>
>
>
>