Snort mailing list archives
RE: MYSQL Error on Windows XP snort install
From: "Bright, Mark IT2" <mbrigh () lincoln navy mil>
Date: Wed, 3 Dec 2003 12:23:19 -0800
I've confirmed that the sensor name is not the issue (at least in my situation). I have changed it numerous times to no avail. After taking a second look at the error that's given, it looks like the SQL statement AFTER the sensor name is the issue. I still have no idea how to fix it though...

~Mark

-----Original Message-----
From: snortmail [mailto:snortmail () eloqua com]
Sent: Wednesday, December 03, 2003 9:01 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] MYSQL Error on Windows XP snort install

I'm on a Win2K Box - and experiencing the same issues with mySQL - I've also run snort to log to a MSSQL under the exact conditions and it goes through fine...the correspondence below is from the beginning of last month.

Changing the sensor name does not fix the problem - there continues to be an issue with the interface name - it's just that the sensor name was hitting an error first.

If anyone has further insight into this issue - it would be appreciated. I've been struggling to find any help because most people think that I'm not configuring my permissions properly. This is the first time in awhile that so many people are having the same concern - please forward your issues to Roman - as I have no choice but to stay on a Windows platform and therefore can't modify the snort executable.

Thanks,
- Mike

-----Original Message-----
From: Mike Couch
Sent: Thursday, November 13, 2003 1:37 PM
To: 'roman () danyliw com'
Subject: snort & slashes with mysql

MySQL, Windows, Snort 2.04
- interface call returns a '/' in spo_database.c near line 320
- this is the escape character in mySQL syntax
- DB structure and permissions are totally fine

Cheers,
- Mike

-----Original Message-----
From: James Haworth [mailto:james.haworth () eduserv org uk]
Sent: Wednesday, November 12, 2003 4:42 PM
To: Mike Couch
Subject: RE: snort & slashes

Hi Mike.

I haven't found a solution to this problem as yet. It is caused by the Packet Capture driver returning a blank interface name within Windows. This is then interpreted by Snort as a "\" which is the escape character within MySQL and therefore you get the error.

I have tried many ways of getting this to work, and unless you remove the MySQL support, then it fails. I have opted to go for Red Hat Linux base which doesn't experience this problem until I can find a fix for it.

Sorry I couldn't be more help. Let me know if you find a solution for this.

Regards
James Haworth

-----Original Message-----
From: Mike Couch [mailto:michael.couch () eloqua com]
Sent: Wed 12/11/2003 18:44
To: James Haworth
Cc:
Subject: snort & slashes

Hi James,

I hope you don't mind me contacting you - but I found your email address on a newsgroup posting....anyways - I just was wondering if you ever found a solution to the problem you were having below in September...I've been spending way too much time on the same issue and haven't found any helpful advice....thanks very much...

- Mike

Hi.

When I start Snort, I get the following error. Has anybody seen this error, or know how to resolve it as I am getting it on every box that I install it on?

Regards
James Haworth

C:\Snort\bin>snort -i 2 -c c:\snort\etc\snort.conf -v
Running in IDS mode
Log directory = log

Initializing Network Interface \

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file c:\snort\etc\snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl: 0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: ACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
http_decode arguments:
    Unicode decoding
    IIS alternate Unicode decoding
    IIS double encoding vuln
    Flip backslash to slash
    Include additional whitespace separators
    Ports to decode http on: 80
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Using LOCAL time
database: compiled support for ( mysql odbc )
database: configured to use mysql
database: user = root
database: database name = snort
database: host = localhost
Node unique name is: EO52:\
database: sensor name = EO52:\
database: mysql_error: You have an error in your SQL syntax. Check the manual t
hat corresponds to your MySQL server version for the right syntax to use near '\
' AND detail = '1' AND encoding = '0' AND filter IS NULL' at l
database: mysql_error: You have an error in your SQL syntax. Check the manual t
hat corresponds to your MySQL server version for the right syntax to use near '\
','1','0', '0')' at line 1
SQL=INSERT INTO sensor (hostname, interface, detail, encoding, last_cid) VALUES ('EO52:\','\','1','0', '0')
database: mysql_error: You have an error in your SQL syntax. Check the manual t
hat corresponds to your MySQL server version for the right syntax to use near '\
' AND detail = '1' AND encoding = '0' AND filter IS NULL' at l
database: Problem obtaining SENSOR ID (sid) from snort->sensor

ERROR: When this plugin starts, a SELECT query is run to find the sensor id for the currently running sensor. If the sensor id is not found, the plugin will run an INSERT query to insert the proper data and generate a new sensor id. Then a SELECT query is run to get the newly allocated sensor id. If that fails then this error message is generated.

Some possible causes for this error are:
 * the user does not have proper INSERT or SELECT privileges
 * the sensor table does not exist

If you are _absolutely_ certain that you have the proper privileges set and that your database structure is built properly please let me know if you continue to get this error. You can contact me at (roman () danyliw com).

Fatal Error, Quitting..

Snort Interfaces Available Command (snort -W)

C:\Snort\bin>snort -W

-*> Snort! <*-
Version 2.0.1-ODBC-MySQL-FlexRESP-WIN32 (Build 88)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8 - 2.0 WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)

Interface Device Description
-------------------------------------------
1 \Device\Packet_NdisWanIp (NdisWan Adapter)
2 \Device\Packet_{165D21FE-FB6F-4BFE-80C0-C783B23164BE} (SiS NIC SISNIC)

--------------------
Mike Couch
IT Specialist
416-864-0440 x[224]
416-864-1881 fax
mike.couch () eloqua com
http://www.eloqua.com
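
Added example, not part of the thread and not Snort's spo_database.c code: a small C program that builds the sensor INSERT from the error output above, once with the values pasted in raw and once escaped, and checks whether the string literals still close under MySQL's default backslash-escape rules. The function names are hypothetical, and the escaper covers only backslash and quote characters.

```c
#include <stdio.h>
#include <string.h>

/* Escape a value for a single-quoted MySQL literal; -1 if out is too small. */
int sql_escape(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    for (; *in; in++) {
        int special = (*in == '\\' || *in == '\'' || *in == '"');
        if (o + (special ? 2 : 1) >= outlen) return -1;
        if (special) out[o++] = '\\';
        out[o++] = *in;
    }
    out[o] = '\0';
    return (int)o;
}

/* Build the sensor INSERT from the error output. escape=0 pastes values in
 * raw (the failing case); escape=1 escapes them first. -1 on overflow. */
int build_sensor_insert(char *buf, size_t len, const char *host,
                        const char *iface, int escape) {
    char h[128], i[128];
    const char *hv = host, *iv = iface;
    if (escape) {
        if (sql_escape(host, h, sizeof h) < 0 || sql_escape(iface, i, sizeof i) < 0)
            return -1;
        hv = h; iv = i;
    }
    int n = snprintf(buf, len, "INSERT INTO sensor (hostname, interface, detail, "
        "encoding, last_cid) VALUES ('%s','%s','1','0', '0')", hv, iv);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* 1 if every literal closes under MySQL's default backslash-escape rules. */
int literals_balanced(const char *sql) {
    int in_lit = 0;
    for (; *sql; sql++) {
        if (in_lit && *sql == '\\') { if (!*++sql) return 0; }
        else if (*sql == '\'') in_lit = !in_lit;
        else if (*sql == '\\') return 0;   /* stray backslash outside a literal */
    }
    return !in_lit;
}

int main(void) {
    char q[512];
    for (int esc = 0; esc <= 1; esc++)   /* hostname and interface as on the page */
        if (build_sensor_insert(q, sizeof q, "EO52:\\", "\\", esc) > 0)
            printf("%s\n  -> %s\n", q, literals_balanced(q) ? "parses" : "broken literal");
    return 0;
}
```

In code linked against the MySQL C API, mysql_real_escape_string() or a prepared statement does the escaping; the hand-written escaper here only makes the failure visible.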