Re: Barnyard2 2-1.13-BETA
From: beenph <beenph () gmail com>
Date: Thu, 9 May 2013 19:55:02 -0400
On Thu, May 9, 2013 at 7:24 PM, Jeff Kell <jeff-kell () utc edu> wrote:
> On 4/10/2013 8:52 AM, beenph wrote:
>> ***** We highly recommend ******
>> To delete every row in your sig_reference table. (DELETE FROM sig_reference;)
>> The table will be re-populated at process startup, and has no impact
>> on historical data.

You updated to 2-1.13-BETA?

> I may have goofed..... :(
> I have had some signatures showing up in the "snort alert [x:yyyyyy:z]" format for a while (since converting to BY2).
> Hoping that the above hint was a reference to clearing out the database descriptors, I did a 'delete from signature';
> and a 'delete from sig_reference'; and restarted things. Now I have nothing at all in the descriptions, at least
> from the perspective of BASE...

The message was really only targeted at sig_reference, and not signature.
Unfortunately there is no way of bringing them back up unless you have
a database backup or an archive of your old unified2 files.
If you do, and didn't have a lot of signature changes in your
sid-msg.map file, you could clear the database, then
replay your unified2 files, and you would probably have fewer missing signatures.

> Well, I take that back... a couple have populated now...

Yeah, when signatures are not found they will gradually get re-inserted,
but your historical data might point to unassigned signatures
because they were removed from the signature table.

> So should this clear itself up eventually, or have I hosed my current alerts database?
> (Please reply all, I'm not on the google groups list...)

The best way I know of to overcome that is to clear the database
completely and replay the unified2 files you have, if you archive them.

You should join the googlegroups :)
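An added example, not part of either poster's message and not Barnyard2 code: it reproduces the two deletes from this thread on a reduced, constructed copy of the alert tables and lists the historical events left pointing at a missing signature row. The table layout and column names (event.signature, signature.sig_id, and so on) are assumed from the stock Snort database schema and do not appear in the thread; the helper names are hypothetical.

```python
import sqlite3

# Reduced, constructed stand-in for the alert database. Column names are an
# assumption based on the stock Snort schema; they are not shown in the thread.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT,
                        sig_gid INT, sig_sid INT, sig_rev INT);
CREATE TABLE sig_reference (sig_id INT, ref_seq INT, ref_id INT);
CREATE TABLE event (sid INT, cid INT, signature INT, timestamp TEXT);
"""

def build_db():
    """Create an in-memory database holding a few constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature VALUES (?,?,?,?,?)",
                   [(1, "constructed rule A", 1, 1000001, 1),
                    (2, "constructed rule B", 1, 1000002, 3)])
    db.executemany("INSERT INTO sig_reference VALUES (?,?,?)",
                   [(1, 1, 10), (2, 1, 11)])
    db.executemany("INSERT INTO event VALUES (?,?,?,?)",
                   [(1, 1, 1, "2013-05-09 19:00:00"),
                    (1, 2, 2, "2013-05-09 19:05:00"),
                    (1, 3, 2, "2013-05-09 19:10:00")])
    return db

def preflight_counts(db):
    """Row counts worth recording, next to a dump, before any DELETE."""
    return {t: db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
            for t in ("signature", "sig_reference", "event")}

def orphaned_events(db):
    """Return (signature id, event count) for events with no signature row."""
    return db.execute(
        "SELECT e.signature, COUNT(*) FROM event e "
        "LEFT JOIN signature s ON s.sig_id = e.signature "
        "WHERE s.sig_id IS NULL "
        "GROUP BY e.signature ORDER BY e.signature").fetchall()

if __name__ == "__main__":
    db = build_db()
    print("before:", preflight_counts(db))
    db.execute("DELETE FROM sig_reference")   # the recommended cleanup
    print("after sig_reference delete:", orphaned_events(db))
    db.execute("DELETE FROM signature")       # the extra delete from the thread
    print("after signature delete:", orphaned_events(db))
```

Against a real database the same LEFT JOIN, run read-only, shows how many stored events a replay of archived unified2 files would need to cover.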