Snort mailing list archives
Database issue (Snort 1.8.4, FreeTDS .53, UnixODBC, M$ SQL 7)
From: Steve Scott <sjscott007 () earthlink com>
Date: 13 Feb 2002 10:04:28 -0600
Hello,
I am trying to use snort with a M$ SQL 7 database. I have the
following installed Snort 1.8.4, FreeTDS .53, UnixODBC and M$ SQL 7.
The problem is when snort starts it registers the sensor to the database
successfully(aka. puts a row in the sensor table), but when it trys to
query the information back it fails. Also, when I issue the the same
query(and using the same acccount) from isql it is returned
successfully. Does anyone have any ideas? Below is the error that is
generated when I run Snort.
Thanks,
Steve
Snort - Ouput
---------------------------------------------------------------------------------------
query = SELECT sid FROM sensor WHERE hostname =
'obeone.xxx.xx.xxxxxxxx.com:eth1
' AND interface = 'eth1' AND detail = '1' AND encoding = '0' AND filter
IS NULL
query = INSERT INTO sensor (hostname, interface, detail, encoding)
VALUES ('obeone.xxx.xxx.xxxxxxxx.com:eth1
','eth1','1','0')
query = SELECT sid FROM sensor WHERE hostname =
'obeone.xxx.xx.xxxxxxxx.com:eth1
' AND interface = 'eth1' AND detail = '1' AND encoding = '0' AND filter
IS NULL
database: Problem obtaining SENSOR ID (sid) from odbc->Snort->sensor
When this plugin starts, a SELECT query is run to find the sensor id
for the
currently running sensor. If the sensor id is not found, the plugin
will run
an INSERT query to insert the proper data and generate a new sensor id.
Then a
SELECT query is run to get the newly allocated sensor id. If that fails
then
this error message is generated.
Some possible causes for this error are:
* the user does not have proper INSERT or SELECT privileges
* the sensor table does not exist
If you are _absolutly_ certain that you have the proper privileges set
and
that your database structure is built properly please let me know if
you
continue to get this error
Fatal Error, Quitting..
-------------------------------------------------------------------------------------
Snort.conf
-------------------------------------------------------------------------------------
output database: log, odbc, dbname=Snort user:snort password:cccccc
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Database issue (Snort 1.8.4, FreeTDS .53, UnixODBC, M$ SQL 7) Steve Scott (Feb 13)
- Message not available
- Re: Database issue (Snort 1.8.4, FreeTDS .53, UnixODBC, M$ SQL 7) Steve Scott (Feb 17)
- Re: Database issue (Snort 1.8.4, FreeTDS .53, UnixODBC, M$ SQL 7) Onie Camara (Feb 20)
- Re: Database issue (Snort 1.8.4, FreeTDS .53, UnixODBC, M$ SQL 7) Steve Scott (Feb 17)
- Message not available