Snort mailing list archives
ODBC+TDS woes
From: Jeff <jeffi () rcn com>
Date: Mon, 14 Apr 2003 09:51:21 -0400
Hello,
I have seen a handful of messages along a similar vein to this, without much
successful follow-up; I can only hope that this turns out differently.
(background)
FreeBSD 4.7
Snort 1.9.1
FreeTDS 0.61
unixODBC 2.2.4
I am trying to get snort to log to an MSSQL 2000 database via unixODBC+FreeTDS.
Every single time snort quits on startup with the following:
database: ODBC unable to connect
Fatal Error, Quitting..
Here are the relevant snort.conf line(s) that have been tested (carriage returns
are not really there in the config):
#output database: log, odbc, user=snort password=xxxx dbname=snort_log
host=myserver sensor_name=dmz ignore_bpf=yes
#output database: log, odbc, user=snort password=xxxx dbname=snort_log
host=10.10.10.99 sensor_name=dmz ignore_bpf=yes
output database: log, odbc, user=snort password=xxxx dbname=snort_log
sensor_name=dmz
Here is odbcinst.ini
[FreeTDS]
Description = FreeTDS unixODBC Driver
Driver = /usr/local/lib/libtdsodbc.so
FileUsage = 1
(note: odbc.ini is empty, but I have followed the directions here:
http://www.unixodbc.org/doc/FreeTDS.html)
freetds/interfaces:
myserver
query tcp 7.0 10.10.10.99 1433
freetds.conf:
[myserver]
host = 10.10.10.99
port = 1433
tds version = 7.0
...
I can connect to the database via the command-line "isql", and I have set up
tcpdump to view the traffic when snort starts up, and I see no attempts at any
sort of ODBC connection. I have compiled FreeTDS with both --with-tdsver=7.0
and --with-tdsver=4.2, with the same results. I am using the FreeBSD port and
I have compiled the snort (1.9.1) port WITH_MYSQL and WITH_ODBC, FreeTDS is
compiled WITH_UNIXODBC.
As far as I can tell, there is no library problem, everything is linked
correctly.
/usr/local/bin/snort:
libz.so.2 => /usr/lib/libz.so.2
libpcap.so.2 => /usr/lib/libpcap.so.2
libm.so.2 => /usr/lib/libm.so.2
libmysqlclient.so.10 => /usr/local/lib/mysql/libmysqlclient.so.10
libodbc.so.1 => /usr/local/lib/libodbc.so.1
libc_r.so.4 => /usr/lib/libc_r.so.4
libcrypt.so.2 => /usr/lib/libcrypt.so.2
libc.so.4 => /usr/lib/libc.so.4
libiconv.so.3 => /usr/local/lib/libiconv.so.3
Any insight on what may be causing it, or what needs to be done differently
would be greatly appreciated.
Thank you,
Jeff
