Snort mailing list archives

RE: Barnyard/acid reconfigure question

From: "Henning, David" <henningd () fortrex com>
Date: Thu, 19 Dec 2002 09:01:38 -0500

Excellent explanation!  Thank you!

Dave

-----Original Message-----
From: Jens Krabbenhoeft

Hi,

What am I missing on how to assign this number and keep it consistent?


op_acid_db.c:

  /* if sensor id == 0, then we attempt attempt to determine it
dynamically */
  if(data->sensor_id == 0)
  {
      data->sensor_id = AcidDbGetSensorId(data);
  }

And AcidDbGetSensorId does the following:

  "SELECT sid FROM sensor WHERE hostname='%s' AND interface='%s' "
  "AND filter='%s' AND detail='%u' AND encoding='0'", pv.hostname,
  pv.interface, pv.filter, op_data->detail)

If it gets a sensor back, it uses that sensor_id, if not, it inserts the
new sensor.

So from the code, to keep it consistent, don't change the hostname /
interface / filter and detail.

Hope that helps,

        Jens

BTW: It works for me. Changing any of these values inserts a new sensor,
chaning nothing doesn't do anything to the sensor-table.


-------------------------------------------------------
This SF.NET email is sponsored by: Order your Holiday Geek Presents Now!
Green Lasers, Hip Geek T-Shirts, Remote Control Tanks, Caffeinated Soap,
MP3 Players,  XBox Games,  Flying Saucers,  WebCams,  Smart Putty.
T H I N K G E E K . C O M       http://www.thinkgeek.com/sf/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.NET email is sponsored by: Geek Gift Procrastinating?
Get the perfect geek gift now!  Before the Holidays pass you by.
T H I N K G E E K . C O M      http://www.thinkgeek.com/sf/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Barnyard/acid reconfigure question Henning, David (Dec 18)
- Re: Barnyard/acid reconfigure question Jens Krabbenhoeft (Dec 19)
- <Possible follow-ups>
- RE: Barnyard/acid reconfigure question Henning, David (Dec 19)