Snort mailing list archives
Re: ODBC+TDS woes
From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 14 Apr 2003 10:47:12 -0500
Why don't you use the nice instructions written by Keith Tokash?
http://www.snort.org/docs/

I'm not sure why you're trying to use FreeTDS and UnixODBC. You don't need them. Just use the ports of snort and mysql with aodbc if you want to use ACID. Works fine for me.

--On Monday, April 14, 2003 09:51:21 AM -0400 Jeff <jeffi () rcn com> wrote:
Hello,

I have seen a handful of messages along a similar vein to this, without much successful followup, I can only hope that this turns out differently.

(background)
FreeBSD 4.7
Snort 1.9.1
FreeTDS 0.61
unixODBC 2.2.4

I am trying to get snort to log to an MSSQL 2000 database via unixODBC+FreeTDS. Every single time snort quits on startup with the following:

    database: ODBC unable to connect
    Fatal Error, Quitting..

Here is the relevant snort.conf line(s) that have been tested (carriage returns are not really there in the config):

    # output database: log, odbc, user=snort password=xxxx dbname=snort_log host=myserver sensor_name=dmz ignore_bpf=yes
    # output database: log, odbc, user=snort password=xxxx dbname=snort_log host=10.10.10.99 sensor_name=dmz ignore_bpf=yes
    output database: log, odbc, user=snort password=xxxx dbname=snort_log sensor_name=dmz

Here is odbcinst.ini

    [FreeTDS]
    Description = FreeTDS unixODBC Driver
    Driver = /usr/local/lib/libtdsodbc.so
    FileUsage = 1

(note: odbc.ini is empty, but I have followed the directions here: http://www.unixodbc.org/doc/FreeTDS.html)

freetds/interfaces:

    myserver
        query tcp 7.0 10.10.10.99 1433

freetds.conf:

    [myserver]
    host = 10.10.10.99
    port = 1433
    tds version = 7.0
    ...

I can connect to the database via the commandline "isql", and I have setup tcpdump to view the traffic when snort starts up, and I see no attempts at any sort of ODBC connection.

I have compiled FreeTDS with both --with-tdsver=7.0 and --with-tdsver=4.2, with the same results.

I am using the FreeBSD port and I have compiled the snort (1.9.1) port WITH_MYSQL and WITH_ODBC, FreeTDS is compiled WITH_UNIXODBC. As far as I can tell, there is no library problem, everything is linked correctly.

    /usr/local/bin/snort:
        libz.so.2 => /usr/lib/libz.so.2
        libpcap.so.2 => /usr/lib/libpcap.so.2
        libm.so.2 => /usr/lib/libm.so.2
        libmysqlclient.so.10 => /usr/local/lib/mysql/libmysqlclient.so.10
        libodbc.so.1 => /usr/local/lib/libodbc.so.1
        libc_r.so.4 => /usr/lib/libc_r.so.4
        libcrypt.so.2 => /usr/lib/libcrypt.so.2
        libc.so.4 => /usr/lib/libc.so.4
        libiconv.so.3 => /usr/local/lib/libiconv.so.3

Any insight on what may be causing it, or what needs to be done differently would be greatly appreciated.

Thank you,
Jeff

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu