Snort mailing list archives

Re: acid 0.9.6b9


From: roman () danyliw com
Date: Sun, 24 Jun 2001 09:57:05 US/Eastern

There is a bug in dealing with IP addresses in ACID 0.9.6b9 and b10.  This bug causes
these versions of ACID to be incompatible with schema v103.  However, the current
version in CVS addresses this issue.  Upgrade to eliminate this error.

Roman


To quote Jed Pickel in the document found at:
      http://www.incident.org/snortdb/

<quote>
The database schema is going to grow and improve over time. Keep this in
mind as you develop applications based on this schema.

The fields ip_src1, ip_src2, ip_src3, ip_src4, ip_dst1, ip_dst2, ip_dst3,
ip_dst4 are going to be removed in the next major release of the database
schema after snort 1.7 is released; therefore, you will need to use the
fields ip_src and ip_dst to obtain IP information. Info on the best ways
to do this will be posted here when I get around to it.

To normalize the database schema I plan to make a table called signature
that has an integer and a text string. The signature field in the event
table will then be replaced by a reference number to this signature table.
</quote>

Hope this helps.

-Blake

================================================================= 
The Government, like diapers, should be replaced regularly, and
often for the same reasons. 

On Fri, 22 Jun 2001, Dan Fiorito wrote:

Hi all:
 
Just built snort 1.8 beta 6 from CVS. Is the new DB Schema (103) compatible
with acid 6b9?
 
I get the following error when I try to look at any data.
 
 
Query execution error: 
Database ERROR:Unknown column 'ip_src0' in 'field list'
 
 
 
Thanks,
Dan



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




