Re: Barnyard2 timestamp resolution

[Ian <snort_list () fishnet co uk>]

On 24/08/2016 17:20, Asad, Hafiz ul wrote:
> Thanks,
>
>
> But as far as I know, we use barnyard2 schema instead of creating tables
> ourselves?
>
>
> asad

Hi,

Issue the following SQL using your favourite client (you may need to
adjust to suit your db):

ALTER TABLE `event` CHANGE COLUMN `timestamp` `timestamp` DATETIME(6)
NOT NULL DEFAULT '0000-00-00 00:00:00';


I just tested this on one of mine and it worked fine - but barnyard2
isn't sending the milliseconds (they are logged to file through).

Maybe its time to ask the developer:
https://github.com/firnsy/barnyard2

(Or test with Postgresql)

Regards

Ian
-- 


> ------------------------------------------------------------------------
> *From:* Ian <snort_list () fishnet co uk>
> *Sent:* Wednesday, August 24, 2016 3:07:26 PM
> *To:* snort-users () lists sourceforge net
> *Subject:* Re: [Snort-users] Barnyard2 timestamp resolution
>  
> On 24/08/2016 14:15, Asad, Hafiz ul wrote:
> > Snort Users,
> >
> >
> > I wonder whether Barnyard2 timestamp, in the mysql database, could be
> > for example
> >
> > "2016-07-25 11:25:31.355". Currently, it seems, the timestamp resolution
> > is in seconds and I want that to be in milli-seconds. Could anyone help?
> >
> >
> > Regards
> >
> > asad
>
> Hi,
>
> In MySQL you must make sure you specify the fractional seconds precision
> when creating the table:
>
>         http://dev.mysql.com/doc/refman/5.6/en/fractional-seconds.html
>
> e.g
>
>         CREATE TABLE t1 (t TIME(3), dt DATETIME(6));
>
> Where TIME(3) would give 00:00:00.000
>
> and DATETIME(6) gives 0000-00-00 00:00:00.000000
>
> This appears to be supported in version 5.6 and above.
>
>
>
> Regards
>
> Ian
> -- 
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!