> > Does anybody know how to change the Encoding format of the payload
> > (from
> hex to ascii) without having to re-run the sql table creation script?
> >
> > I'm logging the data to a Postgres database, and I already tried to:
> >
> > - Change the snort configuration output to:
> >
> > output database: alert, postgresql, user=xxxxx dbname=xxxxxxx
> password=xxxxxx encoding=ascii detail=full
> >
> > (then restart snort and postgresql)
>
> you do not need to restart postgresql, this should just work with the
> running system. And yes, this is the way how endcoding should be
> changed although this is only valid for new alerts.
>
> Does this not work?
I restarted postgres just in case...
Anyway, it still didn't work, until I decided to add another field in the
output database configuration. I added sensor_name=foo, between password and
encoding, and that way the encoding format changed, whereas sensor_name
didn't...
My last character in the password value is a number, could that be the reason??
It's quite confusing, although I have what I was looking for.
Cheers,
URko
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
|