Snort mailing list archives
Re: snort with Oracle
From: Gongya Yu <yu () gongya net>
Date: Fri, 28 Dec 2001 10:04:20 -0800
Thanks to all. I found the problem after spending some time tracking.

william.c.gercken () census gov wrote:
Hello Gongya,

The oracle error that you received indicates that the listener is not started (possibly). Can you do a tnsping to the ORACLE_SID? As the oracle user try typing

    > lsnrctl status

and see if the listener has a handler for your database.

From otn.oracle.com:

ORA-12154: TNS:could not resolve service name

Cause: Net8 could not locate the net service name specified in the TNSNAMES.ORA configuration file.

Actions:
1. Verify that a TNSNAMES.ORA file exists and that it is accessible.
2. Verify that there are not multiple copies of the TNSNAMES.ORA file.
3. In your TNSNAMES.ORA file, verify that the net service name specified in your connect string is mapped to a connect descriptor in the TNSNAMES.ORA file. Also, verify that there are no syntax errors in the file.
4. Verify that there are no duplicate copies of the SQLNET.ORA file.
5. If you are using domain names, verify that your SQLNET.ORA file contains a NAMES.DEFAULT_DOMAIN parameter. If this parameter does not exist, you must specify the domain name in your connect string.
   If you are not using domain names, and this parameter exists, delete it or disable it by commenting it out.
6. If you are connecting from a login dialog box, verify that you are not placing an "@" symbol before your connect net service name.
7. Activate client tracing and re-execute the operation.

Also check out: http://technet.oracle.com/doc/network.815/a67440/ch11.htm

Hope this helps.
Regards,
-bill

Gongya Yu <yu () gongya net>
Sent by: snort-users-admin@lists.sourceforge.net
01/25/2002 10:57 PM
To: Melvin Robinson <mrobinso () duke-energy com>, snort-users () lists sourceforge net
cc:
Subject: Re: [Snort-users] snort with Oracle

Hi, thanks so much for your feedback. I still can't make it work. I even added the following code just before the OCIInitialize.

    putenv("ORACLE_HOME=/app02/oracle8.1.7");
    putenv("TNS_ADMIN=/app02/oracle8.1.7/network/admin");
    putenv("ORACLE_SID=dream");

Here is the output from env command

    ......
    ORACLE_SID=dream
    ORACLE_HOME=/app02/oracle8.1.7
    ORACLE_BASE=/app02/oracle8.1.7
    TNS_ADMIN=/app02/oracle8.1.7/network/admin

I can use sqlplus to connect to database. So I guess the environment variables are right.

Here is the output from running snort

    ..............
    Back Orifice detection brute force: DISABLED
    Using LOCAL time
    database: compiled support for ( oracle )
    database: configured to use oracle
    database: user = snort
    database: password is set
    database: database name = dream
    database: sensor name = 192.168.1.5
    ORACLE_HOME = /app02/oracle8.1.7
    TNS_ADMIN = /app02/oracle8.1.7/network/admin
    ORACLE_SID= dream
    database: oracle_error: Error while trying to retrieve text for error ORA-12154
    database: Connection to database 'dream' failed
    Fatal Error, Quitting..

Also in the original code from spo_database.c copied in the following.
    if (OCIInitialize(OCI_DEFAULT, NULL, NULL, NULL, NULL) ||
        OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL) ||
        OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL) ||
        OCIHandleAlloc(data->o_environment, (dvoid **)&data->o_error,
                       OCI_HTYPE_ERROR, (size_t) 0, NULL) ||
        OCILogon(data->o_environment, data->o_error, &data->o_servicecontext,
                 data->user, strlen(data->user),
                 data->password, strlen(data->password),
                 data->shared->dbname, strlen(data->shared->dbname)) ||
        OCIHandleAlloc(data->o_environment, (dvoid **)&data->o_statement,
                       OCI_HTYPE_STMT, 0, NULL))
    {
        OCIErrorGet(data->o_error, 1, NULL, &data->o_errorcode,
                    data->o_errormsg, sizeof(data->o_errormsg), OCI_HTYPE_ERROR);
        ErrorMessage("database: oracle_error: %s\n", data->o_errormsg);
        FatalError("database: Connection to database '%s' failed\n",
                   data->shared->dbname);
    }

Is there an extra OCIEnvInit or should be like that? Anyway to print the elements of OCIEnv struct?

I really appreciate any suggestions.

Melvin Robinson wrote:

I have had this error before and it usually involves the Oracle environment variables not being set correctly for some reason or another. The ones to make sure that you have set properly are ORACLE_SID and ORACLE_HOME.

Gongya Yu <yu () gongya net>
Sent by: snort-users-admin () lists sourceforge net
01/24/2002 10:32 PM PST
To: snort-users () lists sourceforge net
cc:
bcc:
Subject: [Snort-users] snort with Oracle

Hi, anyone has succeeded in using Oracle as snort output plugin? I am trying to use Oracle, but it failed to connect to Oracle with the following messages;

    database: compiled support for ( oracle
    database: configured to use oracle
    database: user = snort
    database: password is set
    database: database name = DREAM
    database: sensor name = 192.168.1.5
    database: oracle_error: Error while trying to retrieve text for error ORA-12154
    database: Connection to database 'DREAM' failed
    Fatal Error, Quitting..
After checking the source code, I located the problem in spo_database.c

    #ifdef ENABLE_ORACLE
    if(!strcasecmp(data->shared->dbtype,ORACLE))
    {
        if (OCIInitialize(OCI_DEFAULT, NULL, NULL, NULL, NULL) ||
            OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL) ||
            OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL) ||
            OCIHandleAlloc(data->o_environment, (dvoid **)&data->o_error,
                           OCI_HTYPE_ERROR, (size_t) 0, NULL) ||
            OCILogon(data->o_environment, data->o_error, &data->o_servicecontext,
                     data->user, strlen(data->user),
                     data->password, strlen(data->password),
                     data->shared->dbname, strlen(data->shared->dbname)) ||
            OCIHandleAlloc(data->o_environment, (dvoid **)&data->o_statement,
                           OCI_HTYPE_STMT, 0, NULL))
        {
            OCIErrorGet(data->o_error, 1, NULL, &data->o_errorcode,
                        data->o_errormsg, sizeof(data->o_errormsg), OCI_HTYPE_ERROR);
            ErrorMessage("database: oracle_error: %s\n", data->o_errormsg);
            FatalError("database: Connection to database '%s' failed\n",
                       data->shared->dbname);
        }
    }
    #endif

Question 1: OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL) || is extra?

Question 2: Do I have to use OCIEnvCreate to replace OCIInitialize and OCIEnvInit if I use Oracle 8.1.7. I read the documentation that says the OCIInitialize and OCIEnvInit still can be used as backward.

Thanks in advance!!

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
=============================================
Gongya Yu
System Security Engineer
Medical Center, University of Washington
Phone: (206) 543-9388 (W)
       (425) 369-2548 (H)
Email: yu () gongya net
URL: http://gongya.net
==============================================
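
Added example, not part of the original thread and not Snort or Oracle code: a pre-flight check for actions 1, 3 and 5 of the ORA-12154 list quoted above, meant to be run as the account that starts snort. The function name check_tns_alias, the sample host and the sample domain are made up for illustration, and the rule used to spot alias lines in tnsnames.ora is a simplifying assumption.

```shell
#!/bin/sh
# Added example: does a net service name resolve through tnsnames.ora?
# check_tns_alias NAME [DIR] prints a verdict; exit status 0 means NAME resolves.
# DIR defaults to $TNS_ADMIN, then $ORACLE_HOME/network/admin.
check_tns_alias() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')   # names are case-insensitive
    dir=${2:-${TNS_ADMIN:-${ORACLE_HOME:-}/network/admin}}

    # Action 1: tnsnames.ora must exist and be readable by the calling user
    # (the account that starts snort, which may differ from the sqlplus user).
    [ -r "$dir/tnsnames.ora" ] || { echo "unreadable:$dir/tnsnames.ora"; return 2; }

    # Action 5: an active NAMES.DEFAULT_DOMAIN is appended to unqualified names.
    domain=""
    if [ -r "$dir/sqlnet.ora" ]; then
        domain=$(awk -F= 'tolower($1) ~ /^[ \t]*names\.default_domain[ \t]*$/ {
            gsub(/[ \t\r]/, "", $2); print tolower($2); exit }' "$dir/sqlnet.ora")
    fi
    if [ -n "$domain" ] && [ "${want#*.}" = "$want" ]; then want="$want.$domain"; fi

    # Action 3 (assumption): an alias line contains '=' and does not start
    # with '(', ')' or '#'; several aliases may share a line, comma-separated.
    hits=$(awk -v want="$want" '
        /^[ \t]*[#()]/ || !/=/ { next }
        { names = tolower($0); sub(/=.*/, "", names); gsub(/[ \t\r]/, "", names)
          n = split(names, a, ","); for (i = 1; i <= n; i++) if (a[i] == want) hits++ }
        END { print hits + 0 }' "$dir/tnsnames.ora")

    if [ "$hits" -eq 0 ]; then echo "unresolved:$want"; return 1; fi
    echo "resolved:$want"
}

# Constructed sample files (hypothetical host and domain) for a stand-alone run.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'DREAM.EXAMPLE.COM =' '  (DESCRIPTION =' \
    '    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521))' \
    '    (CONNECT_DATA = (SID = dream)))' > "$demo/tnsnames.ora"
check_tns_alias dream "$demo" || :            # unresolved:dream
echo 'NAMES.DEFAULT_DOMAIN = example.com' > "$demo/sqlnet.ora"
check_tns_alias DREAM "$demo" || :            # resolved:dream.example.com
rm -rf "$demo"
```

An "unreadable" or "unresolved" verdict for the snort account while sqlplus connects from another login points at file permissions or a different TNS_ADMIN rather than at the OCI calls.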
Current thread:
- snort with Oracle Gongya Yu (Dec 26)
- <Possible follow-ups>
- Re: snort with Oracle Gongya Yu (Dec 27)
- Re: snort with Oracle william . c . gercken (Dec 28)
- Re: snort with Oracle Gongya Yu (Dec 28)
- RE: snort with Oracle Robert D. Hughes (Dec 30)