Snort mailing list archives

Re: Problems starting Snort 1.9.0 on RH 8.0

From: Eli Stair <estair () tardis ath cx>
Date: Tue, 5 Nov 2002 00:27:08 -0500

I had a similar issue with Postgres last week, it was known and fixed in
CVS.  Although no one replied to my mail to tell me this..

Grab the current CVS snapshot and take a look-see in the changelog.

/eli


I am having trouble getting Snort to start.  Any help would be greatly
appreciated. 

Config:
RedHat 8.0
Snort 1.9.0
MySQL 3.23.53a

I created a user with all the rights to try and make sure that it would
work:
mysql -u root -p{password} snort
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to
snort@localhost;

I checked the database and made sure that the "sensor" table exists.

I try to start Snort:
/etc/snort# snort -d -c ./snort.conf

The following is the error I am receiving:

Initializing Output Plugins!
Log directory = /var/log/snort

Initializing Network Interface eth0

        --== Initializing Snort ==--
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file ./snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD
http_decode arguments:
    Unicode decoding
    IIS alternate Unicode decoding
    IIS double encoding vuln
    Flip backslash to slash
    Include additional whitespace separators
    Ports to decode http on: 80
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Conversation Config:
   KeepStats: 0
   Conv Count: 32000
   Timeout   : 60
   Alert Odd?: 0
   Allowed IP Protocols:  All

Portscan2 config:
    log: /var/log/snort/scan.log
    scanners_max: 3200
    targets_max: 5000
    target_limit: 5
    port_limit: 20
    timeout: 60
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = 10.70.2.252
database: mysql_error: Duplicate entry '0' for key 1
SQL=INSERT INTO sensor (hostname, interface, detail, encoding, last_cid)
VALUES ('10.70.2.252','eth0','1','0', '0')
database: Problem obtaining SENSOR ID (sid) from snort->sensor

 When this plugin starts, a SELECT query is run to find the sensor id for
the
 currently running sensor. If the sensor id is not found, the plugin will
run
 an INSERT query to insert the proper data and generate a new sensor id.
Then a
 SELECT query is run to get the newly allocated sensor id. If that fails
then
 this error message is generated.

 Some possible causes for this error are:
  * the user does not have proper INSERT or SELECT privileges
  * the sensor table does not exist

 If you are _absolutely_ certain that you have the proper privileges set and
 that your database structure is built properly please let me know if you
 continue to get this error. You can contact me at (roman () danyliw com).

Fatal Error, Quitting..

Thanks,
Chris



-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in
Las Vegas (supported by COMDEX), the only Apache event to be
fully supported by the ASF. http://www.apachecon.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Problems starting Snort 1.9.0 on RH 8.0 Sawall, Christopher L (Nov 04)
- Re: Problems starting Snort 1.9.0 on RH 8.0 Eli Stair (Nov 04)
- <Possible follow-ups>
- RE: Problems starting Snort 1.9.0 on RH 8.0 Scott, Joshua (Nov 04)
- RE: Problems starting Snort 1.9.0 on RH 8.0 Sawall, Christopher L (Nov 05)