Re: Error on postgresql logging

[Frank Knobbe <fknobbe () knobbeits com>]

On Mon, 2003-06-30 at 17:01, Dilan wrote:
> Hi, 
> I have just setup Snort 2.0 with Postgresql 7.3 running on WinXP. Although 
> Snort starts and runs without a problem when it tries to log to the database 
> the following error shows up in the postgresql log.
>
> ERROR:  Bad timestamp external representation '2003-06-30 21:21:13-77838'
> WARNING:  ROLLBACK: no transaction in progress
>
> I have tried a "select '2003-06-30 21:21:13'::timestamp" in psql and it works 
> fine but as soon as I add the -77838 part it fails. I have tried starting snort 
> with and without -U option and it still tries to log the time in the above 
> format. Is there a way to fix this?

The timestamp format should be yyyy-mm-dd hh:mm:ss.micr-tz. After the
seconds should be a dot before the microseconds. That's at least the
Postgres time stamp which I believe adheres to ISO-8601 specs. You have
listed a - which is wrong. At the very end is a dash followed by the
timezone. Your timestamp look like a MS SQL specific implementation...

Ah.. while reviewing the code, it looks like you might be using a
version of Snort that was written for MS SQL, not Postgres. Try the
Postgres version of Snort. You may have to compile one yourself (dunno
if Michael offers Postgres on the WinSnort web site).


Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part