snort - barnyard and acid

[Russell Fulton <r.fulton () auckland ac nz>]

Hi All,
        I am running Snort 2.0 with unified logging and using barnyard 0.1.0 to
send the logs to a mysql database on another machine.

I have verified that the data is being loaded into the mysql database:

 mysql> select count(*) from event;
+----------+
| count(*) |
+----------+
|     7712 |
+----------+

This query was done using the acid user login.

When I run acid (0.9.6b23) and set up the extra tables acid needs it
does not see any data. I have tried using the root account as well as
the acid account to access the snort data base but it makes no
difference.

I don't get any errors, just the statement that there are no events.

What makes this all the more frustrating is that the first time I set
this up it all worked flawlessly, then I deleted the snort database and
rebuilt it because it was full of test data and since then acid has been
unable to find any data.

Any suggestions ?

-- 
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.



-------------------------------------------------------
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users