Re: FIX: ACID 0.9.6b13+ and DB schema v0 (Snort 1.7)

[roman () danyliw com]

The issue with signatures being displayed 
incorrectly in ACID 0.9.6b13 with DB v0 appears to
be the result of an bug in the DDL script which
creates the acid_event.  A patch has been committed
to CVS.

* If you have are using DB v100+ (Snort 1.8) this
does not affect you

* If you are using DB v0 (Snort 1.7) with 
ACID v0.9.6b13 or what was in CVS you will need 
to do the following from your mysql client:

mysql> ALTER TABLE acid_event MODIFY signature VARCHAR(255) NOT NULL;

mysql> DELETE FROM acid_event;

This will delete the event cache and update the cache
schema.  When you load up ACID again, the event 
cache will need to be re-built (Note: unless you
have turned this functionality off, it will happen
automatically -- be patient this may take some time).

* If you are using DB v0 (Snort 1.7) with 
ACID < v0.9.6b13 this does not affect you.

cheers,
Roman

> Last week was a bit busy, and it looks like I 
> have a few pending emails ...
>
> I have confirmed that ACID 0.9.6b13+ will not
> display signatures correctly (i.e. will return
> a '0') when used with DB schema v0 (Snort 1.7). I
> will try to get a fix out ASAP.
>
> cheers,
> Roman
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users