Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort sensor table in ACID

From: roman () danyliw com
Date: Wed, 2 Jan 2002 17:03:37 EST
ACID determines the number of sensors with the following SQL:

SELECT COUNT(*) from sensor;

(Note: a field count is done; the last_value of sensor_id_seq is not used)

As you noted, the IDs assigned to the sensors by a sequence. 
However, beyond their uniqueness, the specific value has no intrinsic
meaning.  Simply delete the row from the sensor table associated with the
unused sensor.

Since the sensorID (sid) is meaningless, there is no reason to worry
about decrementing the sensor_id_seq.

cheers,
Roman  

On Wed, 2 Jan 2002 wfenwick () mail entrenet com wrote:



Hiya,

ACID b19, snort 1.8.3, using PGSQL as the backend database.

Is there any way to make ACID report the correct number of sensors
by deleting the unwanted sensor record from table "sensor" and decrementing the count in

sensor_sid_seq?


Right now I have two sensors in there when only one should be. I
messed up a config parameter and am now correcting it.

pgsql=# select * from sensor;
 sid | hostname | interface | filter | detail | encoding 
-----+----------+-----------+--------+--------+----------
   2 | sensor1  | fxp1      |        |      1 |        0
   1 | sensor1  | fxp1      |        |      1 |        0

The current sequence is at 2 as well.

pqsql=# select * from sensor_sid_seq;
 sequence_name  | last_value | increment_by | max_value  | min_value | cache_value |

log_cnt | is_cycled | is_called 



----------------+------------+--------------+------------+-----------+-------------+---------+-----------+-----------

 sensor_sid_seq |          2 |            1 | 2147483647 |         1 |           1 |    

 32 | f         | t

(1 row)
 

My attempt to fix it failed: 
 
pgsql=# update sensor_sid_seq set last_value=1 where last_value=2;
ERROR:  You can't change sequence relation sensor_sid_seq

Does ACID look at "sensor_sid_seq" to find out how many
sensors are active, or at home many show up in "sensor"?

Is there a way to *safely* decrement sensor_sid_seq to be at 1?

W

                                



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: