[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-users
Subject:    Re: [Snort-users] Barnyard2 timestamp resolution
From:       Ian <snort_list () fishnet ! co ! uk>
Date:       2016-08-25 10:47:00
Message-ID: 5eae0f9e-a229-6782-0f9f-d95e99b36180 () fishnet ! co ! uk
[Download RAW message or body]

On 24/08/2016 17:20, Asad, Hafiz ul wrote:
> Thanks,
> 
> 
> But as far as I know, we use barnyard2 schema instead of creating tables
> ourselves?
> 
> 
> asad

Hi,

Issue the following SQL using your favourite client (you may need to
adjust to suit your db):

ALTER TABLE `event` CHANGE COLUMN `timestamp` `timestamp` DATETIME(6)
NOT NULL DEFAULT '0000-00-00 00:00:00';


I just tested this on one of mine and it worked fine - but barnyard2
isn't sending the milliseconds (they are logged to file through).

Maybe its time to ask the developer:
https://github.com/firnsy/barnyard2

(Or test with Postgresql)

Regards

Ian
-- 


> ------------------------------------------------------------------------
> *From:* Ian <snort_list@fishnet.co.uk>
> *Sent:* Wednesday, August 24, 2016 3:07:26 PM
> *To:* snort-users@lists.sourceforge.net
> *Subject:* Re: [Snort-users] Barnyard2 timestamp resolution
>  
> On 24/08/2016 14:15, Asad, Hafiz ul wrote:
>> Snort Users,
>> 
>> 
>> I wonder whether Barnyard2 timestamp, in the mysql database, could be
>> for example
>> 
>> "2016-07-25 11:25:31.355". Currently, it seems, the timestamp resolution
>> is in seconds and I want that to be in milli-seconds. Could anyone help?
>> 
>> 
>> Regards
>> 
>> asad
> 
> Hi,
> 
> In MySQL you must make sure you specify the fractional seconds precision
> when creating the table:
> 
>         http://dev.mysql.com/doc/refman/5.6/en/fractional-seconds.html
> 
> e.g
> 
>         CREATE TABLE t1 (t TIME(3), dt DATETIME(6));
> 
> Where TIME(3) would give 00:00:00.000
> 
> and DATETIME(6) gives 0000-00-00 00:00:00.000000
> 
> This appears to be supported in version 5.6 and above.
> 
> 
> 
> Regards
> 
> Ian
> -- 
> 
> 
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
[prev in list] [next in list] [prev in thread] [next in thread]