Snort mailing list archives

1.7 and MySQL


From: <bthaler () webstream net>
Date: Wed, 22 Aug 2001 09:56:06 -0400

I've noticed that in any of the MySQL tables used by Snort-1.7, the field
'sid' always has a value of '1'.  No matter what table, or what record, it's
always '1'.

Here's my setup:

Snort-1.7-win32-MySQL-static
MySQL-3.23.39-nt
WindowsNT 4 SP6
SnortRules-1.7 from SiliconDefense
WinPcap-2.1
CommandLine - snort -c c:\snort\bin\rules\snort.conf -l c:\snort\logs -i1

The problem is that I'm not getting the IDSKeys, either in Acid-0.9.6b12, or
in my own 'Acid work-alike' that I'm developing.
I've read in other posts that 'sid' = the rule number that triggered the
alert, or something like that.

I can't seem to pinpoint the problem here.

Regards,
Brad T.


