Re: timezone whackiness with snort/postgresql database...

[Matthew Whitworth <matthew () okcomputer org>]

Andrew,

Your suggestions led me to what seems to have been the problem.

Hutchinson, Andrew wrote:

> Also, at the psql prompt, run a "\d event" and check the data type for
> timestamp column.  It should be "timestamp without time zone" - is it?
>  
My database actually had "time stamp *with* time zone". 

I had had trouble building the database using the snort 2.0.0 
create_postgresql script (that came with my Debian package) because it 
tries to use a DATETIME data type, which posgresql 7.3.2 didn't like.  
So I had downloaded the 2.0.1 snort source and used the create_psql 
script from that.  (And conveniently forgotten all of this because I was 
doing it completely frazzled at 2:00AM! [PDT :-)])

Unfortunately the snort 2.0.1 create_postgresql script uses the 
"timestamp *with* time zone" data type:

$ grep -i "timestamp with" snort-2.0.1/contrib/create_postgresql 
                     ctime       TIMESTAMP with time zone NOT NULL,
                     timestamp   timestamp with time zone NOT NULL,

I edited the 2.0.1 create_postgresql script to say "timestamp without 
time zone", rebuilt my database and everything seems to work fine.

Thanks tons!

MGW.





-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users