Snort mailing list archives

snort 2.0 mysql logging &'s >'s and <'s


From: michaeltone1975 <michaeltone1975 () telstra com>
Date: Thu, 08 May 2003 22:49:22 +1000

Hi,

Snort 2.0 final using mysql and pcap 0.7.2.

It's logging to the database, however all rules were working, however 
now it is only logging '>', '<' and '&' characters in the data_payload.

Any ideas?

Much appreciated.

details here:

mysql> select * from data where cid = 864;
+-----+-----+--------------+
| sid | cid | data_payload |
+-----+-----+--------------+
|   1 | 864 | &lt;         |
+-----+-----+--------------+
1 row in set (0.01 sec)

mysql> select * from event where cid = 864;
+-----+-----+-----------+---------------------+
| sid | cid | signature | timestamp           |
+-----+-----+-----------+---------------------+
|   1 | 864 |         4 | 2003-05-08 22:09:50 |
+-----+-----+-----------+---------------------+
1 row in set (0.00 sec)

mysql> select * from signature where sig_id = 4;
+--------+---------------------------------+--------------+--------------+---------+---------+
| sig_id | sig_name                        | sig_class_id | sig_priority | sig_rev | sig_sid |
+--------+---------------------------------+--------------+--------------+---------+---------+
|      4 | MS-SQL Worm propagation attempt |           11 |            2 |       2 |    2003 |
+--------+---------------------------------+--------------+--------------+---------+---------+
1 row in set (0.00 sec)


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net