Snort mailing list archives
Re: need help with MySQL tables
From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 06 Sep 2003 14:32:34 -0500
Included in the source for snort is are scripts to create the tables you need with the correct values for each type of database that snort reports. The mysql script is named create_mysql.
You run it like this: mysql -p snort < /path/to/create_msql That should create the tables you need without you having to do it manually. You *did* compile snort with mysql support, right?? --On Saturday, September 06, 2003 2:56 PM -0400 KTyson9426 () aol com wrote:
Hello... And thanks to ANYONE that can offer me a little guidance with my problem. I started installing snort 2 - 3 weeks ago when I bumped into my problem and have yet to get the snort installation completed.... And my boss is getting pretty aggravated and I think getting ready to deep 6 the idea of installing Snort on our network. I've read threw everything I can get my hands on and have posted on the Google mailing.group.snort several times... And never even got a reply... So if anyone would be willing to help me, they would find an extremely grateful person on the other side of their PC. If it's just a stupid question then I apologize... But I have read threw everything I can get my hands on and still can't figure this out... For the most part my Snort 2.0 installation has been pretty painless. I got Snort itself installed and running and it was logging alerts to a flat file.... So the next step in my installation process was to to create the MySQL tables for the database logging (I'm planning on using ACID) and thats where everything ground down to a halt!!! When I try to create the table "event", MySQL keeps barfing all over the "timestamp" column. I keep getting parsing errors on the "timestamp" column. I've renamed this column and the create tablestatement will run fine. create table event ( sid INT UNSIGNED NOT NULL, cid INT UNSIGNED NOT NULL, signature INT UNSIGNED NOT NULL, timestamp DATETIME NOT NULL, PRIMARY KEY (sid,cid), INDEX sig (signature), INDEX time (timestamp));mysql -u=root < create_mysql.sqlERROR: parse error near 'timestamp DATETIME NOT NULL,PRIMARY KEY (sid,cid), INDEX sig (signature), INDEX time (timestamp))' Which totally has me baffled because I got the scripts to create the snort DB off the Syngress Snort 2.0 book.... Plus I found the same script in a different location (cvs.sourceforge.net)... So I completely expect them to work... I'm just not sure what's wrong. I posted something in a MySQL message board and I had a guy tell me that "timestamp" is a reserved word and that I can't use it.... So if "timestamp" is a reserved word and I'm not supposed to use it as a column name..... WTF??? What do I do???? Can someone please respond and advise me how to handle this?!?!?!?!?!?!?
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- need help with MySQL tables KTyson9426 (Sep 06)
- Re: need help with MySQL tables Paul Schmehl (Sep 06)
- Re: need help with MySQL tables Christopher E. Cramer (Sep 08)
- Re: need help with MySQL tables Nick Oliver (Sep 06)
- <Possible follow-ups>
- RE: need help with MySQL tables L. Christopher Luther (Sep 08)
- RE: need help with MySQL tables Marc Quibell (Sep 09)
- Re: need help with MySQL tables Paul Schmehl (Sep 06)