Snort mailing list archives
RE: Additional debugging information: Query execution error: Database ERROR:Unknown column 'ip_src0' in 'field list'
From: Bruce Platt <Bruce () ei3 com>
Date: Sat, 16 Feb 2002 10:49:58 -0500
My error! I had inadvertently overwritten the b20 version with the old version. I figured it out this morning and rebuilt all. It now works fine!

Thanks for the help and your great work on acid!

Regards

-----Original Message-----
From: Roman Danyliw [mailto:roman () danyliw com]
Sent: Saturday, February 16, 2002 10:38 AM
To: Bruce Platt
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Additional debugging information: Query execution error: Database ERROR:Unknown column 'ip_src0' in 'field list'

All the extra debug information is helpful. However, could you please verify that you upgraded to v0.9.6b20. No version of ACID past 0.9.6b16 makes any reference to the fields ip_src0-3 or ip_dst0-3.

Roman

On Fri, 15 Feb 2002 17:09:03 -0500, Bruce Platt <Bruce () ei3 com> wrote:
I set $debug_mode=1 in acid_conf.php, and here is the additional debugging info produced when this error occurs:

importing GET var 'submit'
importing GET var 'current_view'
importing GET var 'num_result_rows'
Warning: Cannot send session cache limiter - headers already sent (output started at /var/www/html/acid/acid_common.php:273) in /var/www/html/acid/acid_common.php on line 125
Session Registered
importing GET var 'time'
Checking for DB abstraction lib in '/var/www/html/acid/adodb.inc.php'
URL: '/acid/acid_pkt_main.php' (refered by: 'http://webserver/acid/acid_main.php')
PARAMETERS: '&num_result_rows=-1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=+&submit=Query+DB&current_view=-1'
CLIENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461; Q312461)
SERVER: Apache/1.3.12 (Unix) (Red Hat/Linux) mod_ssl/2.6.6 OpenSSL/0.9.5a DAV/1.0.1 PHP/4.0.5 mod_perl/1.24
DATABASE TYPE: mysql
PHP VERSION: 4.0.5
DB ABSTRACTION VERSION:
new: ''
submit: 'Query DB'
sort_order: ''
num_result_rows: '-1'
current_view: '-1'
layer4: ''
time_cnt ip_addr_cnt ip_field_cnt tcp_port_cnt tcp_field_cnt udp_port_cnt udp_field_cnt icmp_field_cnt data_cnt
0 0 0 0 0 0 0 0 0
caller = action= ag_add_key=
--------------------------------------------------------------------------------
IP first 0 0 0 0 IP masking 0 0 0 0 = 0 IP back 0: 0 0 0 0
SQL (save_sql): SELECT event.sid, event.cid, signature, timestamp, ip_src0, ip_src1, ip_src2, ip_src3, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_proto FROM event INNER JOIN iphdr ON event.sid=iphdr.sid AND event.cid=iphdr.cid WHERE event.cid > 0
Query execution error: Database ERROR:Unknown column 'ip_src0' in 'field list'
SELECT event.sid, event.cid, signature, timestamp, ip_src0, ip_src1, ip_src2, ip_src3, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_proto FROM event LEFT JOIN iphdr ON event.sid=iphdr.sid AND event.cid=iphdr.cid WHERE event.cid > 0

If I look at my iphdr table, there are only these fields defined:

mysql> desc iphdr;
+----------+----------------------+------+-----+---------+-------+
| Field    | Type                 | Null | Key | Default | Extra |
+----------+----------------------+------+-----+---------+-------+
| sid      | int(10) unsigned     |      | PRI | 0       |       |
| cid      | int(10) unsigned     |      | PRI | 0       |       |
| ip_src   | int(10) unsigned     |      | MUL | 0       |       |
| ip_dst   | int(10) unsigned     |      | MUL | 0       |       |
| ip_ver   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_hlen  | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_tos   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_len   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_id    | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_flags | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_off   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_ttl   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_proto | tinyint(3) unsigned  |      |     | 0       |       |
| ip_csum  | smallint(5) unsigned | YES  |     | NULL    |       |
+----------+----------------------+------+-----+---------+-------+

This is for schema version 104 from the snort-stable which I downloaded yesterday.

I have seen posts where people clearly have 22 fields in ipheadr, the 14 above plus ip_src0 - ip_src4 and ipdst0 - ip_dst4.

Where do these come from? Where can I find the definition file to load into mysql?

Any and all help greatly appreciated.

Regards,
Bruce

-----Original Message-----
From: Bruce Platt [mailto:Bruce () ei3 com]
Sent: Friday, February 15, 2002 1:12 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Query execution error: Database ERROR:Unknown column 'ip_src0' in 'field list'

I now have yesterday's snort-stable running and logging happily to a mysql db.

Using acid 0.9.6b20, I receive the following error when attempting to query db about alert details:

Database ERROR:Unknown column 'ip_src0' in 'field list'. Similar error for ip_dst0.

Looking at some posts using a google search suggests that last year there was some discussion related to b10 release of acid and the fact that not all necessary code was committed.

Examining the snort-stable/contrib/create_mysql shows no fields labeled ip_src0 in the definitions, however, there is clearly a field labeled ip_src in the iphdr table definition as well as ip_dst.

Have I left out an important step somewhere, should I have used some other version of create_mysql?

Thanks and regards

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users