Snort mailing list archives

Previous By Date Next
Previous By Thread Next

MySQL signatures escaped unneccesarily?

From: Rick Johnson <rjohnson () medata com>
Date: Tue, 10 Feb 2004 20:34:02 -0800
I've got Snort 2.1.0 running under Fedora Core 1, logging to a MySQL 4.0.17 database. I've also got ACID running for reporting. So far, so good.
All's well except that certain events appear to be uneccesarily escaped - for instance spp_portscan appears as spp\_portscan within the database. This causes ACID to miss the portscan reports completely, or at least miscategorize them.
I've attempted to modify ACID code, but it seems the real problem is the new escaping code for databases (MySQL).
Is this something that was fixed in 2.1.1RC1? Is it something that can be disabled? 

-Rick

--
Rick Johnson, RHCE #807302311706007 - rjohnson () medata com
Linux/Network Administrator - Medata, Inc. (from home)
PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: