Snort mailing list archives

Re: logging to MySql....stumped


From: Chris Keladis <chris () cmc optus net au>
Date: Tue, 22 Jul 2003 21:53:17 +1000

Scott Renna wrote:

Hi Scott,

Now that I've gotten some help in editing configure.in in Barnyard to
work with MySQLServer 4.0....it's up and running and seems to be doing
its job.  It's no longer producing any errors; however, it doesn't look
like it's actually logging to ACID.  I've run a few port scans and snort
is picking up the scans and creating alert and log files.  ACID is not
displaying the result however.

I've submitted this information to Andrew and Marty, so hopefully it will be corrected in future releases.

Anyway, I had the same problem, and after closer examination I found that "zero" dates/times were being inserted into the database.

This happens (from what I've gathered) because the date/time string that barnyard inserts isn't compatible with MySQL's 'DATETIME' datatype, resulting in an error, and MySQL ends up inserting 'null' date strings (which is why - I think - you don't see anything in ACID, as all the events occurred on 00-00-0000 at 00:00!) ;)

The following trivial patch should get it going (hopefully it's not line-wrapped beyond recognition):
--- barnyard-0.1.0/src/util.c.orig      2003-07-20 10:46:43.000000000 +1000
+++ barnyard-0.1.0/src/util.c   2003-07-20 10:46:51.000000000 +1000
@@ -508,7 +508,7 @@
     if(pv.localtime)
     {
         lt = localtime(&timet);
-        return strftime(timebuf, len, "%Y-%m-%d %H:%M:%S %z", lt);
+        return strftime(timebuf, len, "%Y-%m-%d %H:%M:%S%z", lt);
     }

     lt = gmtime(&timet);
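
Review bot: The localtime branch still appends a `%z` UTC offset to a value that a MySQL DATETIME column has no field for; dropping the space in line 37 (`"%Y-%m-%d %H:%M:%S%z"`) changes only how the trailing `+1000` is glued on, so if the insert now succeeds it is because the server tolerates trailing digits rather than because the literal is well-formed, which is fragile across server versions and SQL modes. Simpler to remove `%z` from this branch so it emits the same bare `"%Y-%m-%d %H:%M:%S"` shape the `gmtime(&timet)` path below presumably does, and keep the offset handling on the consumer side. Also, `strftime` returns 0 when `timebuf` is too small, and that return value is passed straight up by `return strftime(...)`; an empty timestamp is exactly the kind of input that turns into a zero date, so the caller should treat 0 as an error rather than insert the buffer.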
YMMV,

Chris.
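As an added example (not Chris's patch and not barnyard's own code), the following C program reproduces the two timestamp shapes from the hunk above in UTC, shows that neither is a bare DATETIME literal, and adds the defensive checks a logger front-end could run before and after the insert: a strict "YYYY-MM-DD HH:MM:SS" validator, a normaliser that strips a trailing "+HHMM"/"-HHMM" offset, and a detector for the all-zero value the post describes. The function names and the epoch value (2003-07-20 00:46:43 UTC, chosen to match the "10:46:43 +1000" local time in the patch header) are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Render a time_t with the given strftime format in UTC (gmtime_r), so the
 * output does not depend on the host's TZ. The formats passed in mirror the
 * two strings in the util.c hunk; the function itself is not barnyard code. */
size_t format_ts(char *buf, size_t len, time_t t, const char *fmt)
{
    struct tm tmv;
    if (gmtime_r(&t, &tmv) == NULL)
        return 0;
    return strftime(buf, len, fmt, &tmv);
}

/* 1 if s is exactly "YYYY-MM-DD HH:MM:SS" with nothing after it, i.e. a
 * literal a DATETIME column stores without truncation or reinterpretation. */
int is_mysql_datetime(const char *s)
{
    static const char shape[] = "dddd-dd-dd dd:dd:dd";
    size_t i;
    for (i = 0; shape[i] != '\0'; i++) {
        if (s[i] == '\0')
            return 0;
        if (shape[i] == 'd') {
            if (!isdigit((unsigned char)s[i]))
                return 0;
        } else if (s[i] != shape[i]) {
            return 0;
        }
    }
    return s[i] == '\0';
}

/* 1 if s is the all-zero DATETIME value the post describes: the tell-tale of
 * a timestamp MySQL could not parse. Useful as a post-insert sanity check. */
int is_zero_datetime(const char *s)
{
    return strcmp(s, "0000-00-00 00:00:00") == 0;
}

/* Copy the 19-character DATETIME core of `in` into `out`, dropping an optional
 * trailing UTC offset of the form "+HHMM"/"-HHMM", with or without a leading
 * space. Returns 1 on success, 0 if the input does not start with a valid
 * core or carries any other trailing junk. This is the normalisation a caller
 * could apply before handing the string to the database. */
int strip_utc_offset(const char *in, char *out, size_t outlen)
{
    const char *p;
    if (outlen < 20 || strlen(in) < 19)
        return 0;
    memcpy(out, in, 19);
    out[19] = '\0';
    if (!is_mysql_datetime(out))
        return 0;
    p = in + 19;
    if (*p == '\0')
        return 1;                /* already a bare DATETIME literal */
    if (*p == ' ')
        p++;
    if (*p != '+' && *p != '-')
        return 0;
    p++;
    if (strlen(p) != 4)
        return 0;
    for (; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed epoch: 2003-07-20 00:46:43 UTC. */
    time_t t = (time_t)1058662003;
    char raw[64], core[20];

    format_ts(raw, sizeof raw, t, "%Y-%m-%d %H:%M:%S %z");
    printf("old format : \"%s\"  bare DATETIME? %d\n", raw, is_mysql_datetime(raw));
    format_ts(raw, sizeof raw, t, "%Y-%m-%d %H:%M:%S%z");
    printf("new format : \"%s\"  bare DATETIME? %d\n", raw, is_mysql_datetime(raw));
    if (strip_utc_offset(raw, core, sizeof core))
        printf("normalised : \"%s\"  bare DATETIME? %d\n", core, is_mysql_datetime(core));
    printf("zero date? %d\n", is_zero_datetime("0000-00-00 00:00:00"));
    return 0;
}
```

Both strftime shapes fail the strict check, which is the point: the difference between them is only whether the server happens to tolerate the trailing offset. Normalising to the 19-character core before the insert, and flagging any "0000-00-00 00:00:00" rows afterwards, catches the problem regardless of how lenient the server's parser is.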


