Snort mailing list archives
Re: Snort My SQL DB
From: Arun Saini <mailarunsaini () gmail com>
Date: Thu, 23 Jun 2016 22:05:28 +0530
Hi,

Please guide why some packets are not going in acid_event? Already shared screen shots!!!

Sincerely,
Arun Saini
http://about.me/arun.saini
Mobile :+91-9890738762

On 23 Jun 2016 9:43 pm, "Joel Esler (jesler)" <jesler () cisco com> wrote:

Yes, you need that table. It’s required by Base.

--
*Joel Esler*
Manager, Talos Group

On Jun 23, 2016, at 6:37 AM, Arun Saini <mailarunsaini () gmail com> wrote:

Hi,

We are using Barnyard2 version 2.1.13<build 327> and attached error screen shot for information.

snort version 2.9.5.5 GRE [build 205]
libpcap version 1.3.0
PCRE 8.30 2012-02-04
Zlib 1.2.7

MySQL snort database tables:

mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| acid_ag          |
| acid_ag_alert    |
| acid_event       |
| acid_ip_cache    |
| base_roles       |
| base_users       |
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+

Do we need the acid_event table in our database? Or please suggest whether we actually require "acid_ag, acid_ag_alert, acid_event, acid_ip_cache" in our database? It is the table where the screen shot is saying that the events are not found the way...

Surely we will upgrade our Snort, but we just want to diagnose why this error is coming on screen.

Sincerely,
Arun Saini
Mobile :+91-9890738762

On 23 June 2016 at 07:33, Joel Esler (jesler) <jesler () cisco com> wrote:

It would help us tremendously if you could tell us what version of Barnyard2 you are using, what error you are receiving, and even, if you could update your version of Snort, to something that is supported, that'd be great too.

--
*Joel Esler*
Manager, Talos Group
Sent from my iPad

On Jun 22, 2016, at 9:24 PM, Arun Saini <mailarunsaini () gmail com> wrote:

Hi,

Can anyone help me to know the table names under the MySQL DB for Snort from where Base reads the data? Actually I have tables named acid_events and acid_cache where some of the records/data failed to insert, and on the Base screen I get a notification, i.e. "alerts have NOT found their way into acid". Please see the attached screen. Requesting you to please help us to resolve the issue.

We are using:

snort version 2.9.5.5 GRE [build 205]
libpcap version 1.3.0
PCRE 8.30 2012-02-04
Zlib 1.2.7

I can provide the screen shot if required!!!

Sincerely,
Arun Saini
Mobile :+91-9890738762

<not found the way to acid events.png> <alerts have NOT found their way into acid.png>
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort My SQL DB Arun Saini (Jun 22)
- Re: Snort My SQL DB Joel Esler (jesler) (Jun 22)
- Message not available
- Fwd: Snort My SQL DB Arun Saini (Jun 23)
- Re: Snort My SQL DB Joel Esler (jesler) (Jun 23)
- Re: Snort My SQL DB Arun Saini (Jun 23)
- Re: Snort My SQL DB Arun Saini (Jun 23)
- Re: Snort My SQL DB wkitty42 (Jun 24)
- Message not available
- Re: Snort My SQL DB Joel Esler (jesler) (Jun 22)