Snort mailing list archives
MySQL signatures escaped unneccesarily?
From: Rick Johnson <rjohnson () medata com>
Date: Tue, 10 Feb 2004 20:34:02 -0800
I've got Snort 2.1.0 running under Fedora Core 1, logging to a MySQL 4.0.17 database. I've also got ACID running for reporting. So far, so good.
All's well except that certain events appear to be uneccesarily escaped - for instance spp_portscan appears as spp\_portscan within the database. This causes ACID to miss the portscan reports completely, or at least miscategorize them.
I've attempted to modify ACID code, but it seems the real problem is the new escaping code for databases (MySQL).
Is this something that was fixed in 2.1.1RC1? Is it something that can be disabled?
-Rick -- Rick Johnson, RHCE #807302311706007 - rjohnson () medata com Linux/Network Administrator - Medata, Inc. (from home) PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- MySQL signatures escaped unneccesarily? Rick Johnson (Feb 10)