From: Alex Butcher, ISC/ISYS (Alex.Butcherbristol.ac.uk)
Date: Thu Sep 02 2004 - 03:24:31 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--On 01 September 2004 19:06 +0100 Pedro Fortuna <pedro.fortunagmail.com>
wrote:

> Anyway, now its working with the old DB, but two things are bodering me:
> - ACID isn't showing my custom rule's description, it just shows
> something like this in the alert "Snort Alert [1:1000002:0]" (1000002
> is the rule ID)

I had this problem when I was using mudpit, and mudpit couldn't find
sid-msg.map and gen-msg.map. I haven't used barnyard, and I'm using FLoP
now, but maybe your problem has the same root.

> - The events time are one our late! An event at 3am shows 2am.

Probably a timezone or daylight savings time thing; I think all events are
logged as UTC (i.e. GMT+0). Are you in western Europe, by chance?

> If someone has a clue why Acid failed to insert the events in its tables
> (_using_ the blank DB) please say something, so that I can test it.

Did you run create_acid_tbls_mysql.sql from the ACID distribution?

> Thanks,
> Pedro Fortuna

HTH,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9

-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]