Snort mailing list archives

RE: ACID Archiving on Postgresql


From: Fraser Hugh <hugh_fraser () dofasco ca>
Date: Thu, 6 Sep 2001 13:13:51 -0400

It appears that the pre-processors do not include a sig_class_id or
sig_priority. If specified in the insert statement, they're required to be
int8 values, but they're not required fields. However, the archive code
explicitly copies these values over, and postgres balks because the fields
aren't int8.

There are a few solutions, probably in order of preference, but I'm not one
of the developers and don't understand the implications.
1. Change the archiving code to exclude NULL fields.
2. Change the plugins to include a non-NULL value for these fields.
3. Add a trigger to the signature table to force a value for the fields. Not
having the time to dig through the code, this was my quick solution.

-----Original Message-----
From: leE [SMTP:lee () nerds org uk]
Sent: Thursday, September 06, 2001 11:55 AM
To:   snort-users () lists sourceforge net
Subject:      [Snort-users] ACID Archiving on Postgresql

On Thu, Sep 06, 2001 at 03:21:59PM +0100, leE wrote:
Hi,

  I've seen this posted to the lists a couple of times, but without
resolution.  So I'm hoping by reposting I might add some previously
missing detail, or someone will be inspired with the solution or
something ;)

  In my case (and all the other posts I've seen) this occurs when trying
to use the archiving option in ACID with a postgresql backend.  The
archive database seems to be fine and all other queries work ok.  However
when the archive command is submitted I get this (ACID is in debug mode):


Gathering elements from 50 alert blobs
1 - 488766
Checking for DB abstraction lib in '/data/www/adodb/adodb.inc.php'
Database ERROR:ERROR: Bad int8 external representation "" 


  This happens irrespective of which criteria I am using to archive the
events and how many I am trying to archive at once.

Any ideas more than welcome ;)

Apologies for the broken subject on that, what can I say? Mail
client trauma ;)

  Lee


-- 
Lee Brotherston - <lee () nerds org uk>
http://www.nerds.org.uk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
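
Added example, not part of the original messages and not ACID's code: a sketch of option 1 from the reply above, an archive copy that leaves NULL fields out of the INSERT so the integer columns never receive an empty string. It is written in Python with in-memory SQLite standing in for PostgreSQL; the function names, the sig_id and sig_name columns and the sample rows are assumptions made for the illustration.

```python
import sqlite3

# Columns the copy may write. Only sig_class_id and sig_priority are named in
# the thread; sig_id and sig_name are assumed for this illustration.
SIGNATURE_COLUMNS = ("sig_id", "sig_name", "sig_class_id", "sig_priority")


def build_insert(table, row, allowed=SIGNATURE_COLUMNS):
    """Return (sql, params) for row, omitting every column whose value is NULL."""
    unknown = set(row) - set(allowed)
    if unknown:
        raise ValueError(f"unexpected columns: {sorted(unknown)}")
    cols = [c for c in allowed if row.get(c) is not None]
    if not cols:
        raise ValueError("row has no non-NULL columns to copy")
    # "?" is SQLite's placeholder style; PostgreSQL drivers use their own.
    marks = ", ".join("?" for _ in cols)
    sql = f"INSERT INTO {table} ({', '.join(cols)}) VALUES ({marks})"
    return sql, [row[c] for c in cols]


def archive_rows(src, dst, table="signature"):
    """Copy every row of a fixed, code-supplied table from src to dst."""
    src.row_factory = sqlite3.Row
    copied = 0
    for r in src.execute(f"SELECT * FROM {table}"):
        sql, params = build_insert(table, dict(r))
        dst.execute(sql, params)
        copied += 1
    dst.commit()
    return copied


def demo():
    """Constructed data: a pre-processor alert without class/priority, a rule alert."""
    ddl = ("CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT NOT NULL,"
           " sig_class_id INTEGER, sig_priority INTEGER)")
    src, dst = sqlite3.connect(":memory:"), sqlite3.connect(":memory:")
    for db in (src, dst):
        db.execute(ddl)
    src.execute("INSERT INTO signature (sig_id, sig_name) VALUES (1, 'constructed preprocessor alert')")
    src.execute("INSERT INTO signature VALUES (2, 'constructed rule alert', 5, 1)")
    archive_rows(src, dst)
    return dst.execute("SELECT * FROM signature ORDER BY sig_id").fetchall()


if __name__ == "__main__":
    print(demo())
```

The omitted columns fall back to their default (NULL) in the archive table, and values travel as bound parameters rather than quoted literals.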
