Snort mailing list archives

Oracle output


From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Tue, 23 Nov 2004 16:36:37 -0500

We have discovered a problem with the Oracle output processor when
encoding is ASCII.  (We have not tried hex.)

However, in the Oracle database, since the data_payload is stored as a
"BLOB", the following change must be made.

# diff spo_database2.c spo_database.c
1612c1612
<                             "VALUES ('%u','%u','%s",
---
                            "VALUES
('%u','%u',utl_raw.cast_to_raw('%s",
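
Review bot: The utl_raw.cast_to_raw( wrapper in the new VALUES string at 1612 is applied unconditionally, yet the message reports the problem only for ASCII encoding and says hex was not tried. I would put the wrapped format string under a check for the Oracle build and the ASCII encoding, keep the original "VALUES ('%u','%u','%s" for every other case, and add a comment saying the cast is there because data_payload is a BLOB. The payload still lands inside a quoted '%s' literal, so please also confirm that it is escaped before it reaches this format string, since an unescaped single quote in the payload would end the literal early.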
1616c1616
<                     strcat(query->val, "')");
---
                    strcat(query->val, "'))");
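
Review bot: The extra ")" appended at 1616 only balances the statement when the utl_raw.cast_to_raw( opener from 1612 was actually emitted, so the two edits need to sit under the same condition; if the opener becomes encoding-specific, this strcat has to select between "')" and "'))" in the same way. Since strcat does no length check, please also verify that query->val has room for the added wrapper text plus the one extra closing byte.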

We have discovered a lot of other problems too when two Snort boxes log
to the same DB.  We're working this issue out.  More to follow
(hopefully)

Joel Esler, GCIA

