Snort mailing list archives
Re: slahes in SQL statement a problem?
From: "jon baer" <security () jonbaer net>
Date: Tue, 11 Nov 2003 10:13:12 -0500
You can try escaping the slash (ie just add another one) ... D-TRITON:\\ which would mean to take the slash literally ... Normally in PHP apps its common to use a method to add slashes so the DB does not choke: $sql = addslashes($sql); http://us4.php.net/addslashes It could also be if you have a ' character around sensor name ... - jon ----- Original Message ----- From: Mike Couch To: snort-users () lists sourceforge net Sent: Monday, November 10, 2003 12:23 PM Subject: [Snort-users] slahes in SQL statement a problem? Hi, Can't get snort to output into MySQL running on Windows 2K Box - permissions are fine....I think it has something to do with the slashes in the 'sensor name' when trying to execute the first SQL query... when I take the SQL from the error message and try to run it in MySQL (logged in with the same user) the SQL statement is not valid because of the '\' in the VALUES section of the statement.... my output database line is set to mysql and seems not to be the problem.... do I need to wait for the a snort.exe to account for slashes in sensor names or is there something I'm missing?? error message below - any help is appreciated... - Mike C:\Snort\bin>snort -c c:\snort\etc\snort.conf -l c:\snort\log -i3 Running in IDS mode Log directory = c:\snort\log Initializing Network Interface \ --== Initializing Snort ==-- Initializing Output Plugins! Decoding Ethernet on interface \ Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file c:\snort\etc\snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... No arguments to frag2 directive, setting defaults to: Fragment timeout: 60 seconds Fragment memory cap: 4194304 bytes Fragment min_ttl: 0 Fragment ttl_limit: 5 Fragment Problems: 0 Self preservation threshold: 500 Self preservation period: 90 Suspend threshold: 1000 Suspend period: 30 Stream4 config: Stateful inspection: ACTIVE Session statistics: INACTIVE Session timeout: 30 seconds Session memory cap: 8388608 bytes State alerts: INACTIVE Evasion alerts: INACTIVE Scan alerts: ACTIVE Log Flushed Streams: INACTIVE MinTTL: 1 TTL Limit: 5 Async Link: 0 State Protection: 0 Self preservation threshold: 50 Self preservation period: 90 Suspend threshold: 200 Suspend period: 30 Stream4_reassemble config: Server reassembly: INACTIVE Client reassembly: ACTIVE Reassembler alerts: ACTIVE Zero out flushed packets: INACTIVE flush_data_diff_size: 500 Ports: 21 23 25 53 80 110 111 143 513 1433 Emergency Ports: 21 23 25 53 80 110 111 143 513 1433 http_decode arguments: Unicode decoding IIS alternate Unicode decoding IIS double encoding vuln Flip backslash to slash Include additional whitespace separators Ports to decode http on: 80 rpc_decode arguments: Ports to decode RPC on: 111 32771 alert_fragments: INACTIVE alert_large_fragments: ACTIVE alert_incomplete: ACTIVE alert_multiple_requests: ACTIVE telnet_decode arguments: Ports to decode telnet on: 21 23 25 119 database: compiled support for ( mysql odbc mssql ) database: configured to use mysql database: user = snort database: password is set database: database name = snort database: host = 10.100.100.30 database: sensor name = D-TRITON:\ database: mysql_error: You have an error in your SQL syntax. Check the manual t hat corresponds to your MySQL server version for the right syntax to use near '\ ' AND detail = '1' AND encoding = '0' AND filter IS NULL' at l database: mysql_error: You have an error in your SQL syntax. Check the manual t hat corresponds to your MySQL server version for the right syntax to use near '\ ','1','0', '0')' at line 1 SQL=INSERT INTO sensor (hostname, interface, detail, encoding, last_cid) VALUES ('D-TRITON:\','\','1','0', '0') database: mysql_error: You have an error in your SQL syntax. Check the manual t hat corresponds to your MySQL server version for the right syntax to use near '\ ' AND detail = '1' AND encoding = '0' AND filter IS NULL' at l database: Problem obtaining SENSOR ID (sid) from snort->sensor ERROR: When this plugin starts, a SELECT query is run to find the sensor id for the currently running sensor. If the sensor id is not found, the plugin will run an INSERT query to insert the proper data and generate a new sensor id. Then a SELECT query is run to get the newly allocated sensor id. If that fails then this error message is generated. Some possible causes for this error are: * the user does not have proper INSERT or SELECT privileges * the sensor table does not exist If you are _absolutely_ certain that you have the proper privileges set and that your database structure is built properly please let me know if you continue to get this error. You can contact me at (roman () danyliw com). Fatal Error, Quitting.. -------------------- Mike Couch IT Specialist 416-864-0440 x[224] 416-864-1881 fax mike.couch () eloqua com http://www.eloqua.com
Current thread:
- slahes in SQL statement a problem? Mike Couch (Nov 11)
- Re: slahes in SQL statement a problem? jon baer (Nov 11)