Snort mailing list archives
Re: Barnyard2 2-1.13-BETA
From: Jeff Kell <jeff-kell () utc edu>
Date: Thu, 9 May 2013 19:24:53 -0400
On 4/10/2013 8:52 AM, beenph wrote:
> ***** We highly recommend ******
> To delete every row in your sig_reference table. (DELETE FROM sig_reference;)
> The table will be re-populated at process startup, and has no impact on historical data.
I may have goofed..... :(

I have had some signatures showing up in the "snort alert [x:yyyyyy:z]" format for awhile (since converting to BY2). Hoping that the above hint was a reference to clearing out the database descriptors, I did a 'delete from signature'; and a 'delete from sig_reference'; and restarted things.

Now I have nothing at all in the descriptions, at least from the perspective of BASE...

Well, I take that back... a couple have populated now...

< Signature >                                        < Classification >   < Total # >   < Source Address >   < Dest. Address >
ET POLICY Outdated Windows Flash Version IE          policy-violation     13(0%)        4                    11
ET POLICY Vulnerable Java Version 1.6.x Detected     bad-unknown          2(0%)         1                    2
ET CURRENT_EVENTS DNS Amplification Attack Inbound   bad-unknown          1(0%)         1                    1
(3996)/SigName unknown/                              /unclassified/       20(0%)        1                    5
(4404)/SigName unknown/                              /unclassified/       59(0%)        1                    2
(5534)/SigName unknown/                              /unclassified/       230(1%)       5                    4
(5632)/SigName unknown/                              /unclassified/       5700(14%)     400                  277

So should this clear itself up eventually, or have I hosed my current alerts database?

(Please reply all, I'm not on the google groups list...)

Jeff
Current thread:
- Re: Barnyard2 2-1.13-BETA beenph (Apr 26)
- <Possible follow-ups>
- Re: Barnyard2 2-1.13-BETA sumit kamboj (Apr 29)
- Re: [barnyard2-users] Re: Barnyard2 2-1.13-BETA beenph (Apr 27)
- Re: Barnyard2 2-1.13-BETA Jeff Kell (May 09)
- Re: Barnyard2 2-1.13-BETA beenph (May 09)