Snort mailing list archives

Re: Archiving support in Acid 0.9.6b10

From: roman () danyliw com
Date: Thu, 21 Jun 2001 13:53:16 US/Eastern

[Note: I did not cross post on snort-devel () lists sf net]

Problem 1:
If I use the "Archive Alert(s) - copy" with any alert..

Database ERROR:Unknown column 'ip_src0' in 'field list'


A minor tweak has needed (and now commited into CVS)
to prevent the archiving process from reading these fields.
One of the modifications to the DB schema in v103 was the
removal of these fields

Question 1:

The archive database have to have another squema or is the same? It
that it's not founding some items in a table.


No.  The archive DB schema should match the original alert DB
schema.

Problem 2:
If I use the "Archive Alert(s) - move" with any alert..

'archive_alert2' is an invalid action  (and then the search page)


Another oversight.  All the necessary code was not commited.

Thanks,
Roman



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Archiving support in Acid 0.9.6b10 Victor Barahona (Jun 20)
- <Possible follow-ups>
- Re: Archiving support in Acid 0.9.6b10 roman (Jun 21)