[Dshield] DShield Submission Confirmation Question re unique lines

Johannes Ullrich jullrich at euclidian.com
Fri Mar 14 12:59:34 GMT 2003


> This is from a daily pf parser submission and I'm curious about the 492 lines in file and 290 lines 
> written to the database. I realize the parser counts each as '1' but given that each line had a 
> unique time stamp; wouldn't all of the lines have been written? Or is it simply that the lines are 
> added up during the submission process and there is no need to actually write each line to the 
> database?

The parser only consolidates identical lines. So if each line had a 
unique time stamp, the number of submitted and unique lines should
be identical. I will have to check your submission for details
and will respond off list (don't want to post your submission to the
list here).


-- 
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org


