Re: need help with MySQL tables

[Nick Oliver <nwoliver () internetsecurityguru com>]

Something that may help you is to take a look at a paper written by
Patrick Harper.  It is on his website www.internetsecurityguru.com and
speaks specifically to installing Snort on a RedHat box with Acid and
MySql.  You may have to go back to the beginning on the install, but it
will install properly in just a few hours if you follow the instructions
correctly.  I know because I am a relative newbie myself and have done
it successfully several times.
nwo

On Sat, 2003-09-06 at 13:56, KTyson9426 () aol com wrote:

> Hello... And thanks to ANYONE that can offer me a little guidance with
> my problem.  I started installing snort 2 - 3 weeks ago when I bumped
> into my problem and have yet to get the snort installation
> completed.... And my boss is getting pretty aggravated and I think
> getting ready to deep 6 the idea of installing Snort on our network.
>
> I've read threw everything I can get my hands on and have posted on
> the Google mailing.group.snort several times... And never even got a
> reply... So if anyone would be willing to help me, they would find an
> extremely grateful person on the other side of their PC.  If it's just
> a stupid question then I apologize... But I have read threw everything
> I can get my hands on and still can't figure this out...
>
> For the most part my Snort 2.0 installation has been pretty painless.
> I got Snort itself installed and running and it was logging alerts to
> a flat file.... So the next step in my installation process was to to
> create the MySQL tables for the database logging (I'm planning on
> using ACID) and thats where everything ground down to a halt!!!
>
> When I try to create the table "event", MySQL keeps barfing all over
> the "timestamp" column.  I keep getting parsing errors on the
> "timestamp" column.  I've renamed this column and the create
> tablestatement will run fine.  
>
> create table event (   sid   INT UNSIGNED NOT NULL,
>                                cid   INT UNSIGNED NOT NULL,
>                                signature INT UNSIGNED NOT NULL,
>                                timestamp DATETIME NOT NULL,
>              PRIMARY KEY (sid,cid),
>              INDEX sig (signature),
>              INDEX time (timestamp));
>
> > mysql -u=root < create_mysql.sql 
>
> > ERROR: parse error near 'timestamp DATETIME NOT NULL,
> PRIMARY KEY (sid,cid),
> INDEX sig (signature),
> INDEX time (timestamp))'
>
> Which totally has me baffled because I got the scripts to create the
> snort DB off the Syngress Snort 2.0 book.... Plus I found the same
> script in a different location (cvs.sourceforge.net)... So I
> completely expect them to work... I'm just not sure what's wrong. 
>
> I posted something in a MySQL message board and I had a guy tell me
> that "timestamp" is a reserved word and that I can't use it.... So if
> "timestamp" is a reserved word and I'm not supposed to use it as a
> column name..... WTF???  What do I do????  Can someone please respond
> and advise me how to handle this?!?!?!?!?!?!?

-- 
Nick Oliver <nwoliver () internetsecurityguru com>