Re: ACID and schema 104

["Andrew R. Baker" <andrewb0x29a () yahoo com>]

This is probably caused by a minor difference between the barnyard and
snort db plugins.  The snort db plugin will automagically create a sensor
id based on runtime parameters.  Since barnyard does not have knowledge of
how snort was run, you have to configure the sensor id in barnyard.conf. 
ACID probably needs to have the sensor id added to the database, but
AFAIK, there is no mechanism in ACID for manually creating a sensor.  I
will be checking a script into barnyard CVS to handle this later this
week.

-A


--- Jason Lewis <jlewis () packetnexus com> wrote:
> While trying to figure out my problems with barnyard, I upgraded to
> schema
> 104.  I am wondering if that is my problem.  Data is being inserted into
> the
> DB, but ACID is only graphing the data.  None of the other fields are
> updated.
>
> I decided to blow it all away and start from scratch with the cvs
> versions
> of ACID and snort.  I created the DB and ACID reports it is schema 104,
> but
> it still doesn't update the fields, Unique Alerts, Total Number of
> Alerts,
> etc.
>
> So, it looks like barnyard is working, but my problem may be with
> ACID.....
> I am probably overlooking something...any ideas?
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users