@@ -0,0 +1,268 @@
+diff -ur firnsy-barnyard2-f71a8d3/configure.in firnsy-barnyard2-f71a8d3.mod/configure.in
+--- firnsy-barnyard2-f71a8d3/configure.in 2011-11-14 05:53:23.000000000 -0500
++++ firnsy-barnyard2-f71a8d3.mod/configure.in 2011-12-15 15:51:56.588020785 -0500
+@@ -996,6 +996,13 @@
+ LIBS="${LIBS} -lbroccoli"
+ fi
+
++AC_ARG_ENABLE(acid-event,
++[ --enable-acid-event Enable acid_event (BASE schema) logging],
++ enable_acid_event="$enableval", enable_acid_event="no")
++if test "x$enable_acid_event" = "xyes"; then
++ CFLAGS="$CFLAGS -DENABLE_ACID_EVENT_LOGGING"
++fi
++
+ # Checking for Tcl support (required by spo_sguil)
+ AC_ARG_WITH(tcl,
+ [ --with-tcl=DIR support for Tcl],
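Review bot: The new `--enable-acid-event` switch injects `-DENABLE_ACID_EVENT_LOGGING` into CFLAGS, which a user-supplied `CFLAGS=` on the configure line (or a later assignment in configure.in) can silently drop, so the feature flag should be recorded with `AC_DEFINE(ENABLE_ACID_EVENT_LOGGING, 1, [Enable acid_event (BASE schema) logging])` instead of the `CFLAGS="$CFLAGS ..."` line, so it lands in config.h like the other build-time options. The help text would also follow the surrounding style better as `AS_HELP_STRING([--enable-acid-event], [Enable acid_event (BASE schema) logging])`, which aligns the column in `./configure --help`. Whether the rest of the patch actually tests `ENABLE_ACID_EVENT_LOGGING` is not visible here.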
+diff -ur firnsy-barnyard2-f71a8d3/src/output-plugins/spo_database.c firnsy-barnyard2-f71a8d3.mod/src/output-plugins/spo_database.c
+--- firnsy-barnyard2-f71a8d3/src/output-plugins/spo_database.c 2011-11-14 05:53:23.000000000 -0500
++++ firnsy-barnyard2-f71a8d3.mod/src/output-plugins/spo_database.c 2011-12-15 16:22:13.378002691 -0500
+@@ -56,6 +56,9 @@
+ #include <string.h>
+ #include <time.h>
+ #include <unistd.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
+
+ #include "barnyard2.h"
+ #include "debug.h"
+@@ -1191,11 +1194,21 @@
+ *select0 = NULL,
+ *select1 = NULL,
+ *insert0 = NULL;
++
++ char timestamp_clause[128];
++#ifdef SUP_IP6
++ char ip_buf[64];
++#endif
++ char src_buf[64];
++ char dst_buf[64];
++
+ int i,
+ insert_fields_len,
+ insert_values_len,
+ ok_transaction,
+ ref_system_id,
++ layer4_sport,
++ layer4_dport,
+ ret;
+ unsigned int sig_id,
+ ref_id,
+@@ -1757,44 +1770,55 @@
+ free(select0); select0 = NULL;
+ }
+
+- free(sig_name); sig_name = NULL;
++/* free(sig_name); sig_name = NULL; */
+
+ if ( (data->shared->dbtype_id == DB_ORACLE) &&
+ (data->DBschema_version >= 105) )
+ {
+- ret = SnortSnprintf(query->val, MAX_QUERY_LENGTH,
+- "INSERT INTO "
+- "event (sid,cid,signature,timestamp) "
+- "VALUES (%u, %u, %u, TO_DATE('%s', 'YYYY-MM-DD HH24:MI:SS'))",
+- data->shared->sid, data->shared->cid, sig_id, timestamp_string);
++ ret = SnortSnprintf(timestamp_clause, sizeof(timestamp_clause),
++ "TO_DATE('%s', 'YYYY-MM-DD HH24:MI:SS')", timestamp_string);
+
+ if (ret != SNORT_SNPRINTF_SUCCESS)
+ goto bad_query;
+ }
+ else if(data->shared->dbtype_id == DB_ODBC)
+ {
+- ret = SnortSnprintf(query->val, MAX_QUERY_LENGTH,
+- "INSERT INTO "
+- "event (sid,cid,signature,timestamp) "
+- "VALUES (%u, %u, %u, {ts '%s'})",
+- data->shared->sid, data->shared->cid, sig_id, timestamp_string);
+-
++ ret = SnortSnprintf(timestamp_clause, sizeof(timestamp_clause), "{ts '%s'}", timestamp_string);
+ if (ret != SNORT_SNPRINTF_SUCCESS)
+ goto bad_query;
+ }
+ else
+ {
+- ret = SnortSnprintf(query->val, MAX_QUERY_LENGTH,
+- "INSERT INTO "
+- "event (sid,cid,signature,timestamp) "
+- "VALUES (%u, %u, %u, '%s')",
+- data->shared->sid, data->shared->cid, sig_id, timestamp_string);
+-
+- if (ret != SNORT_SNPRINTF_SUCCESS)
++ ret = SnortSnprintf(timestamp_clause, sizeof(timestamp_clause), "'%s'", timestamp_string);
++ if (ret != SNORT_SNPRINTF_SUCCESS) {
++ fprintf(stderr, "Error in timestamp_clause: %d, size %d, string: '%s'\n",
++ ret, (int) sizeof(timestamp_clause), timestamp_string);
+ goto bad_query;
++ }
++
+ }
+
+- free(timestamp_string); timestamp_string = NULL;
++ ret = SnortSnprintf(query->val, MAX_QUERY_LENGTH,
++ "INSERT INTO "
++ "event (sid,cid,signature,timestamp) "
++ "VALUES (%u, %u, %u, %s)",
++ data->shared->sid, data->shared->cid, sig_id, timestamp_clause);
++
++ if (p->tcph) {
++
++ layer4_sport = ntohs(p->tcph->th_sport);
++ layer4_dport = ntohs(p->tcph->th_dport);
++
++ } else if (p->udph) {
++
++ layer4_sport = ntohs(p->udph->uh_sport);
++ layer4_dport = ntohs(p->udph->uh_dport);
++
++ } else {
++
++ layer4_sport = 0;
++ layer4_dport = 0;
++ }
+
+ /* We do not log fragments! They are assumed to be handled
+ by the fragment reassembly pre-processor */
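Review bot: The INSERT that is now built after the if/else chain (the `SnortSnprintf(query->val, MAX_QUERY_LENGTH, "INSERT INTO " ...)` call) assigns `ret` but never checks it, whereas the three branches it replaced each had an `if (ret != SNORT_SNPRINTF_SUCCESS) goto bad_query;`, so a truncated or failed format now falls through and the partial query is executed; add `if (ret != SNORT_SNPRINTF_SUCCESS) goto bad_query;` directly after that call. The hunk also comments out `free(sig_name); sig_name = NULL;` and drops `free(timestamp_string); timestamp_string = NULL;` — if those buffers are not released later in the function (not visible here) each logged event now leaks them, and commented-out code should be deleted rather than left in place either way. The `fprintf(stderr, ...)` diagnostic added only in the final `else` branch is inconsistent with the two sibling branches and with the plugin's own message routines, so either all three branches report the same way or none does. The enclosing function begins and ends outside this hunk.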
+@@ -1996,26 +2020,81 @@
+
+ if(data->detail)
+ {
+- ret = SnortSnprintf(query->val, MAX_QUERY_LENGTH,
+- "INSERT INTO "
+- "iphdr (sid, cid, ip_src, ip_dst, ip_ver, ip_hlen, "
+- " ip_tos, ip_len, ip_id, ip_flags, ip_off,"
+- " ip_ttl, ip_proto, ip_csum) "
+- "VALUES (%u,%u,%lu,%lu,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u)",
+- data->shared->sid,
+- data->shared->cid,
+- (u_long)ntohl(p->iph->ip_src.s_addr),
+- (u_long)ntohl(p->iph->ip_dst.s_addr),
+- IP_VER(p->iph),
+- IP_HLEN(p->iph),
+- p->iph->ip_tos,
+- ntohs(p->iph->ip_len),
+- ntohs(p->iph->ip_id),
+- p->frag_flag,
+- ntohs(p->frag_offset),
+- p->iph->ip_ttl,
+- p->iph->ip_proto,
+- ntohs(p->iph->ip_csum));
++ int sock_size;
++#ifdef SUP_IP6
++ int sock_size;
++#endif
++ if(data->shared->dbtype_id == DB_POSTGRESQL) {
++#ifdef SUP_IP6
++ if (IP_VER(p->iph) == 6) {
++ SnortSnprintf(src_buf, sizeof(src_buf), "'%s'", inet_ntoa(&p->inner_ip6h.ip_src));
++ SnortSnprintf(dst_buf, sizeof(dst_buf), "'%s'", inet_ntoa(&p->inner_ip6h.ip_dst));
++ } else {
++ SnortSnprintf(src_buf, sizeof(src_buf), "'%s'", inet_ntoa(&p->inner_ip4h.ip_src));
++ SnortSnprintf(dst_buf, sizeof(dst_buf), "'%s'", inet_ntoa(&p->inner_ip4h.ip_dst));
++ }
++#else
++ SnortSnprintf(src_buf, sizeof(src_buf), "%lu", (u_long)ntohl(p->iph->ip_src.s_addr));
++ SnortSnprintf(dst_buf, sizeof(dst_buf), "%lu", (u_long)ntohl(p->iph->ip_dst.s_addr));
++#endif
++
++ } else if (data->shared->dbtype_id == DB_MYSQL) {
++#ifdef SUP_IP6
++ if (IP_VER(p->iph) == 6) {
++ sock_size = 16;
++ mysql_real_escape_string (data->m_sock,
++ ip_buf,
++ (const char *) &p->inner_ip6h.ip_src.ip,
++ sock_size);
++ SnortSnprintf(src_buf, sizeof(src_buf), "'%s'", ip_buf);
++ mysql_real_escape_string (data->m_sock,
++ ip_buf,
++ (const char *) &p->inner_ip6h.ip_dst.ip,
++ sock_size);
++ SnortSnprintf(dst_buf, sizeof(dst_buf), "'%s'", ip_buf);
++ } else {
++ sock_size = 4;
++ mysql_real_escape_string (data->m_sock,
++ ip_buf,
++ (const char *) &p->inner_ip4h.ip_src.ip,
++ sock_size);
++ SnortSnprintf(src_buf, sizeof(src_buf), "'%s'", ip_buf);
++ mysql_real_escape_string (data->m_sock,
++ ip_buf,
++ (const char *) &p->inner_ip4h.ip_dst.ip,
++ sock_size);
++ SnortSnprintf(dst_buf, sizeof(dst_buf), "'%s'", ip_buf);
++ }
++#else
++ SnortSnprintf(src_buf, sizeof(src_buf), "%lu", (u_long)ntohl(p->iph->ip_src.s_addr));
|