Snort mailing list archives
Re: Barnyard2 timestamp resolution
From: Ian <snort_list () fishnet co uk>
Date: Thu, 25 Aug 2016 11:47:00 +0100
On 24/08/2016 17:20, Asad, Hafiz ul wrote:
> Thanks, but as far as I know, we use barnyard2 schema instead of creating tables ourselves?
>
> asad

Hi,

Issue the following SQL using your favourite client (you may need to adjust to suit your db):

    ALTER TABLE `event` CHANGE COLUMN `timestamp` `timestamp` DATETIME(6) NOT NULL DEFAULT '0000-00-00 00:00:00';

I just tested this on one of mine and it worked fine - but barnyard2 isn't sending the milliseconds (they are logged to file though).

Maybe it's time to ask the developer: https://github.com/firnsy/barnyard2

(Or test with Postgresql)

Regards
Ian

--
> ------------------------------------------------------------------------
> *From:* Ian <snort_list () fishnet co uk>
> *Sent:* Wednesday, August 24, 2016 3:07:26 PM
> *To:* snort-users () lists sourceforge net
> *Subject:* Re: [Snort-users] Barnyard2 timestamp resolution
>
> On 24/08/2016 14:15, Asad, Hafiz ul wrote:
>> Snort Users,
>>
>> I wonder whether Barnyard2 timestamp, in the mysql database, could be for example "2016-07-25 11:25:31.355". Currently, it seems, the timestamp resolution is in seconds and I want that to be in milli-seconds. Could anyone help?
>>
>> Regards
>> asad
>
> Hi,
>
> In MySQL you must make sure you specify the fractional seconds precision when creating the table:
>
> http://dev.mysql.com/doc/refman/5.6/en/fractional-seconds.html
>
> e.g.
>
>     CREATE TABLE t1 (t TIME(3), dt DATETIME(6));
>
> Where TIME(3) would give 00:00:00.000 and DATETIME(6) gives 0000-00-00 00:00:00.000000
>
> This appears to be supported in version 5.6 and above.
>
> Regards
> Ian
>
> --
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
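Added example, not part of the original thread and not barnyard2's own code: a MySQL 5.6+ script that widens a timestamp column the way the message above does, then checks both the column precision and whether the writer is actually supplying fractional seconds. The scratch table `event_ts_demo` and its sample rows are constructed for illustration; run the same two checks against your real `event` table.

```sql
-- Constructed scratch table standing in for the alert table; only the
-- `timestamp` column matters for this demonstration.
CREATE TABLE event_ts_demo (
  sid         INT UNSIGNED NOT NULL,
  cid         INT UNSIGNED NOT NULL,
  `timestamp` DATETIME     NOT NULL,   -- no precision given, i.e. DATETIME(0)
  PRIMARY KEY (sid, cid)
);

-- Row written while the column is DATETIME(0): the fractional part is not kept,
-- and widening the column later cannot bring it back.
INSERT INTO event_ts_demo VALUES (1, 1, '2016-07-25 11:25:31.355');

-- Widen the column to microsecond precision (same change as the ALTER in the thread).
ALTER TABLE event_ts_demo
  MODIFY COLUMN `timestamp` DATETIME(6) NOT NULL;

-- Constructed rows after the change: one writer sends the fraction, one sends
-- whole seconds only (the behaviour reported for barnyard2 in the thread).
INSERT INTO event_ts_demo VALUES (1, 2, '2016-07-25 11:25:31.355');
INSERT INTO event_ts_demo VALUES (1, 3, '2016-07-25 11:25:31');

-- Check 1: did the schema change take effect?
SELECT COLUMN_NAME, DATA_TYPE, DATETIME_PRECISION
FROM   information_schema.COLUMNS
WHERE  TABLE_SCHEMA = DATABASE()
  AND  TABLE_NAME   = 'event_ts_demo'
  AND  COLUMN_NAME  = 'timestamp';

-- Check 2: is the writer supplying sub-second values? If every row written
-- after the ALTER has a zero fraction, the limit is in the writer, not the schema.
SELECT COUNT(*)                          AS total_rows,
       SUM(MICROSECOND(`timestamp`) = 0) AS whole_second_rows,
       SUM(MICROSECOND(`timestamp`) > 0) AS sub_second_rows
FROM   event_ts_demo;

-- Per-row view for spot checks during event correlation.
SELECT sid, cid, `timestamp`, MICROSECOND(`timestamp`) AS usec
FROM   event_ts_demo
ORDER  BY cid;

DROP TABLE event_ts_demo;
```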