Snort mailing list archives
RE: logging to MySql....stumped
From: "Scott Renna" <srenna () d-a-s com>
Date: Tue, 22 Jul 2003 08:31:44 -0400
Would I have better luck dumping it to a PostgreSQL database? I've noticed in Barnyard's output when it doesn't have anything it's picking up, entries are just shown as time 00:00:00. I forget the date that it defaults to but it's definitely not the current one. I'm going to try this patch out and let you know on the results.

Scott

***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500
***************************

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Chris Keladis
Sent: Tuesday, July 22, 2003 7:53 AM
To: Scott Renna
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] logging to MySql....stumped

Hi Scott,

Scott Renna wrote:
Now that I've gotten some help in editing configure.in in Barnyard to work with MySQL Server 4.0....it's up and running and seems to be doing its job. It's no longer producing any errors however, it doesn't look like it's actually logging to ACID. I've run a few port scans and snort is picking up the scans and creating alert and log files. ACID is not displaying the result however.
I've submitted this information to Andrew and Marty, so hopefully it will be corrected in future releases.

Anyway, I had the same problem, and after closer examination I found that "zero" dates/times were being inserted into the database. This happens (from what I've gathered) because the date/time string that Barnyard inserts isn't compatible with MySQL's 'DATETIME' datatype, resulting in an error, and MySQL ends up inserting 'null' date strings (which is why - I think - you don't see anything in ACID, as all the events occurred on 00-00-0000 at 00:00!) ;)

The following trivial patch should get it going (hopefully it's not line-wrapped beyond recognition):

--- barnyard-0.1.0/src/util.c.orig 2003-07-20 10:46:43.000000000 +1000
+++ barnyard-0.1.0/src/util.c 2003-07-20 10:46:51.000000000 +1000
@@ -508,7 +508,7 @@ if(pv.localtime) { lt = localtime(&timet); - return strftime(timebuf, len, "%Y-%m-%d %H:%M:%S %z", lt); + return strftime(timebuf, len, "%Y-%m-%d %H:%M:%S%z", lt); } lt = gmtime(&timet);

YMMV,

Chris.

-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
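Review bot: the hunk only removes the space before %z, so the localtime branch still appends a numeric zone offset (for example "+1000") to a string that is otherwise in the "YYYY-MM-DD HH:MM:SS" shape a DATETIME column expects; if the zero-date symptom described above is caused by the trailing offset, the safer change is to drop %z from the format entirely (and, if a single reference zone is wanted, format the gmtime result that the last visible line already produces) rather than only shrinking the separator. Also, the strftime return value is passed straight back to the caller, and strftime returns 0 when timebuf (of size len) is too small for the result, so callers need to treat 0 as a failure rather than inserting whatever is left in the buffer.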
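Added example, not Barnyard's code and not from the thread: a strict pre-insert check for the DATETIME shape the discussion is about, beside a formatter that renders the timestamp in UTC with no %z suffix so the check passes. The sample strings and the time_t value 0 are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Strict check that a string has exactly the "YYYY-MM-DD HH:MM:SS"
 * shape a MySQL DATETIME column expects: 19 characters, digits in the
 * digit positions, the '-', ' ' and ':' separators where DATETIME wants
 * them, and nothing after the seconds (so " +1000" or "+1000" fail). */
int is_mysql_datetime(const char *s)
{
    static const char pattern[] = "dddd-dd-dd dd:dd:dd";
    size_t i;
    if (s == NULL || strlen(s) != sizeof(pattern) - 1)
        return 0;
    for (i = 0; i < sizeof(pattern) - 1; i++) {
        if (pattern[i] == 'd') {
            if (s[i] < '0' || s[i] > '9')
                return 0;
        } else if (s[i] != pattern[i]) {
            return 0;
        }
    }
    return 1;
}

/* Render a time_t in UTC without any zone suffix, so the stored value is
 * unambiguous and matches the check above. Returns the number of bytes
 * written, or 0 when buf (of size len) is too small, as strftime does. */
size_t format_mysql_datetime(time_t t, char *buf, size_t len)
{
    struct tm *tm = gmtime(&t);   /* UTC broken-down time */
    if (tm == NULL)
        return 0;
    return strftime(buf, len, "%Y-%m-%d %H:%M:%S", tm);
}

int main(void)
{
    char buf[32];
    /* Constructed sample: time_t 0 is 1970-01-01 00:00:00 UTC. */
    if (format_mysql_datetime((time_t)0, buf, sizeof buf) == 0)
        return 1;
    printf("%s valid=%d\n", buf, is_mysql_datetime(buf));
    /* Strings shaped like the pre- and post-patch %z output are rejected. */
    printf("%d %d\n", is_mysql_datetime("2003-07-20 10:46:43 +1000"),
                      is_mysql_datetime("2003-07-20 10:46:43+1000"));
    return 0;
}
```

Running the check before the INSERT turns the silent zero-date row into a visible error at the producer, which is where a timestamp format mismatch like this one should be caught.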
Current thread:
- logging to MySql....stumped Scott Renna (Jul 21)
- Re: logging to MySql....stumped Chris Keladis (Jul 22)
- RE: logging to MySql....stumped Scott Renna (Jul 22)
- Re: logging to MySql....stumped Chris Keladis (Jul 22)
- RE: logging to MySql....stumped Scott Renna (Jul 22)
- Re: logging to MySql....stumped Chris Keladis (Jul 22)