Snort mailing list archives
RE: Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC? (more debug info)
From: "Keith Loyd" <Keith () Loyd com>
Date: Wed, 28 Apr 2004 18:41:31 -0500
2 things that stick out to me are the "SYBASE" and "ISO-8859-1" character set. If you are trying to log to a MS SQL database, SYBASE is not your friend and the default character set for MS is something other than 8859; not in front of my server, so I can't tell you the default character set for US-English. You can cull that from your SQL server.

Keith
www.ntsug.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of McCash, John
Sent: Wednesday, April 28, 2004 4:33 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC? (more debug info)

I figured out how to turn on debugging in FreeTDS. Here is the debug information that's generated by it when I try to start up snort...

Starting log file for FreeTDS 0.62.3 on 2004-04-28 16:18:26 with debug level 99.
names for ISO-8859-1: ISO-8859-1
names for UTF-8: UTF-8
names for UCS-2LE: UCS-2LE
names for UCS-2BE: UCS-2BE
iconv to convert client-side data to the "ISO-8859-1" character set
16:18:26.062866 tds_iconv_info_init: converting "ISO-8859-1"->"UCS-2LE"
16:18:26.063323 tds_iconv_info_init: converting "ISO-8859-1"->"UCS-2LE"
16:18:26.063411 Connecting to 10.3.20.63 port 1433, TDS 8.0.
16:18:26.064408 tds_put_string converting 28 bytes of "aopsecurityserver.andrew.com"
16:18:26.064562 tds_put_string wrote 56 bytes
16:18:26.064617 tds_put_string converting 5 bytes of "snort"
16:18:26.064670 tds_put_string wrote 10 bytes
16:18:26.064725 tds_put_string wrote 0 bytes
16:18:26.064774 tds_put_string converting 6 bytes of "SYBASE"
16:18:26.064826 tds_put_string wrote 12 bytes
16:18:26.064874 tds_put_string wrote 0 bytes
16:18:26.064921 tds_put_string converting 10 bytes of "us_english"
16:18:26.064974 tds_put_string wrote 20 bytes
16:18:26.065022 tds_put_string converting 5 bytes of "snort"
16:18:26.065075 tds_put_string wrote 10 bytes
16:18:26.065248 tds_process_login_tokens()
Received header @ 16:18:26.066296
Received packet @ 16:18:26.066414
16:18:26.067044 looking for login token, got e3(ENVCHANGE)
16:18:26.067101 tds_process_default_tokens() marker is e3(ENVCHANGE)
tds_get_string: reading 10 from wire to give 5 to client.
tds_get_string: reading 12 from wire to give 6 to client.
16:18:26.067282 looking for login token, got ab(INFO)
16:18:26.067333 tds_process_default_tokens() marker is ab(INFO)
tds_get_string: reading 72 from wire to give 36 to client.
tds_get_string: reading 16 from wire to give 8 to client.
16:18:26.067494 looking for login token, got e3(ENVCHANGE)
16:18:26.067547 tds_process_default_tokens() marker is e3(ENVCHANGE)
16:18:26.068053 tds_iconv_info_init: converting "ISO-8859-1"->"CP1252"
16:18:26.068121 looking for login token, got e3(ENVCHANGE)
16:18:26.068171 tds_process_default_tokens() marker is e3(ENVCHANGE)
tds_get_string: reading 20 from wire to give 10 to client.
16:18:26.068266 looking for login token, got ab(INFO)
16:18:26.068317 tds_process_default_tokens() marker is ab(INFO)
tds_get_string: reading 78 from wire to give 39 to client.
tds_get_string: reading 16 from wire to give 8 to client.
16:18:26.068657 looking for login token, got ad(LOGINACK)
tds_get_string: reading 44 from wire to give 22 to client.
16:18:26.071260 looking for login token, got e3(ENVCHANGE)
16:18:26.071314 tds_process_default_tokens() marker is e3(ENVCHANGE)
tds_get_string: reading 8 from wire to give 4 to client.
tds_get_string: reading 8 from wire to give 4 to client.
16:18:26.071697 increasing block size from 4096 to 4096
16:18:26.071780 looking for login token, got fd(DONE)
16:18:26.071834 tds_process_default_tokens() marker is fd(DONE)
16:18:26.071885 tds_process_end: more_results = 0 was_cancelled = 0 error = 0 done_count_valid = 0
16:18:26.071941 tds_process_end() state set to TDS_IDLE
16:18:26.071987 leaving tds_process_login_tokens() returning 1
16:18:26.072065 tds_put_string converting 19 bytes of "set textsize 64512 "
16:18:26.072123 tds_put_string wrote 38 bytes
Sending packet @ 16:18:26.072174
Received header @ 16:18:26.072859
Received packet @ 16:18:26.072979
16:18:26.073089 processing result tokens. marker is fd(DONE)
16:18:26.073144 tds_process_end: more_results = 0 was_cancelled = 0 error = 0 done_count_valid = 0
16:18:26.073201 tds_process_end() state set to TDS_IDLE
16:18:26.073247 tds_process_result_tokens() state is COMPLETED
SQLGetFunctions: fFunction is 1
SQLGetFunctions: fFunction is 2
SQLGetFunctions: fFunction is 1001
SQLGetFunctions: fFunction is 3
SQLGetFunctions: fFunction is 4
SQLGetFunctions: fFunction is 1002
SQLGetFunctions: fFunction is 72
SQLGetFunctions: fFunction is 5
SQLGetFunctions: fFunction is 1003
SQLGetFunctions: fFunction is 6
SQLGetFunctions: fFunction is 6
SQLGetFunctions: fFunction is 56
SQLGetFunctions: fFunction is 40
SQLGetFunctions: fFunction is 7
SQLGetFunctions: fFunction is 1004
SQLGetFunctions: fFunction is 8
SQLGetFunctions: fFunction is 9
SQLGetFunctions: fFunction is 41
SQLGetFunctions: fFunction is 1005
SQLGetFunctions: fFunction is 10
SQLGetFunctions: fFunction is 11
SQLGetFunctions: fFunction is 12
SQLGetFunctions: fFunction is 13
SQLGetFunctions: fFunction is 1021
SQLGetFunctions: fFunction is 60
SQLGetFunctions: fFunction is 15
SQLGetFunctions: fFunction is 1006
SQLGetFunctions: fFunction is 16
SQLGetFunctions: fFunction is 14
SQLGetFunctions: fFunction is 1007
SQLGetFunctions: fFunction is 42
SQLGetFunctions: fFunction is 17
SQLGetFunctions: fFunction is 43
SQLGetFunctions: fFunction is 1008
SQLGetFunctions: fFunction is 1009
SQLGetFunctions: fFunction is 1010
SQLGetFunctions: fFunction is 1012
SQLGetFunctions: fFunction is 44
SQLGetFunctions: fFunction is 45
SQLGetFunctions: fFunction is 1014
SQLGetFunctions: fFunction is 46
SQLGetFunctions: fFunction is 47
SQLGetFunctions: fFunction is 61
SQLGetFunctions: fFunction is 62
SQLGetFunctions: fFunction is 63
SQLGetFunctions: fFunction is 18
SQLGetFunctions: fFunction is 48
SQLGetFunctions: fFunction is 64
SQLGetFunctions: fFunction is 19
SQLGetFunctions: fFunction is 65
SQLGetFunctions: fFunction is 66
SQLGetFunctions: fFunction is 67
SQLGetFunctions: fFunction is 49
SQLGetFunctions: fFunction is 20
SQLGetFunctions: fFunction is 1016
SQLGetFunctions: fFunction is 50
SQLGetFunctions: fFunction is 21
SQLGetFunctions: fFunction is 1017
SQLGetFunctions: fFunction is 1018
SQLGetFunctions: fFunction is 1019
SQLGetFunctions: fFunction is 22
SQLGetFunctions: fFunction is 1020
SQLGetFunctions: fFunction is 51
SQLGetFunctions: fFunction is 52
SQLGetFunctions: fFunction is 53
SQLGetFunctions: fFunction is 70
SQLGetFunctions: fFunction is 54
SQLGetFunctions: fFunction is 23
SQLGetFunctions: fFunction is 1011
Creating prepared statement
Sending packet @ 16:18:26.076056
Received header @ 16:18:26.077504
Received packet @ 16:18:26.077668
16:18:26.077818 processing result tokens. marker is 81(TDS7_RESULT)
tds_get_string: reading 6 from wire to give 3 to client.
16:18:26.078045 tds7_get_data_info:1451: colname = sid (3 bytes) type = 108 (numeric) server's type = 108 (numeric) column_varint_size = 1 column_size = 17 (17 on server)
16:18:26.078128 processing result tokens. marker is ff(DONEINPROC)
16:18:26.078226 tds_process_end: more_results = 1 was_cancelled = 0 error = 0 done_count_valid = 0
16:18:26.078287 processing result tokens. marker is 79(RETURNSTATUS)
16:18:26.078337 processing result tokens. marker is ac(PARAM)
16:18:26.078386 processing parameters for sp 11
16:18:26.078433 calling tds_process_param_result
16:18:26.078486 processing result. type = 38(integer-null), varint_size 1
16:18:26.078539 processing result. column_size 4
16:18:26.078870 processing row. column is 0 varint size = 1
16:18:26.078922 processing row. column size is 4
16:18:26.078969 clearing column 0 NULL bit
16:18:26.079017 no of hidden return parameters 1
16:18:26.079068 processing result tokens. marker is fe(DONEPROC)
16:18:26.079120 tds_process_end: more_results = 0 was_cancelled = 0 error = 0 done_count_valid = 0
16:18:26.079176 tds_process_end() state set to TDS_IDLE
16:18:26.079311 tds_process_result_tokens() state is COMPLETED
End prepare, execute
16:18:26.079378 tds_submit_execute()
Sending packet @ 16:18:26.079429
Received header @ 16:18:26.080107
Received packet @ 16:18:26.080200
16:18:26.080319 processing result tokens. marker is 81(TDS7_RESULT)
tds_get_string: reading 6 from wire to give 3 to client.
16:18:26.080494 tds7_get_data_info:1451: colname = sid (3 bytes) type = 108 (numeric) server's type = 108 (numeric) column_varint_size = 1 column_size = 17 (17 on server)
16:18:26.080572 processing result tokens. marker is ff(DONEINPROC)
16:18:26.080624 tds_process_end: more_results = 1 was_cancelled = 0 error = 0 done_count_valid = 1
16:18:26.080681 rows_affected = 0
Creating prepared statement
tds_submit_query(): state is PENDING
16:18:26.080964 tds_client_msg: #20019: "Attempt to initiate a new SQL Server operation with results pending.". Connection state is now 1.
Creating prepared statement
tds_submit_query(): state is PENDING
16:18:26.081263 tds_client_msg: #20019: "Attempt to initiate a new SQL Server operation with results pending.". Connection state is now 1.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC? (more debug info) McCash, John (Apr 28)
- RE: Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC? (more debug info) Keith Loyd (Apr 28)
- <Possible follow-ups>
- RE: Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC? (more debug info) McCash, John (Apr 29)
- RE: Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC? (more debug info) McCash, John (Apr 29)