Snort mailing list archives

RE: Snort 2.2.0, MS-SQL Server 2000, ODBC

From: "McCash, John" <John.McCash () andrew com>
Date: Thu, 9 Sep 2004 11:57:35 -0500
Hi Paul,
        Ahh! A subject near and dear to my heart! This is currently
being worked on, I just believe it's not being treated as a priority.
There was a patch posted to one of the lists last November for
snort-2.0.2, to make it work with unixodbc and freetds (which you're
going to need), however it can't be applied to the current version.
Through various cajoling, prodding, and outright begging, I got the
current database output plugin developer Chris Reid (Hi Chris! Are you
out there? See there's more interest in this than just me!) to work on
including it. Unfortunately, his first cut at it didn't work, and then
he promptly had a second child (actually I suppose it was his wife).
That was back in April. Since then, he's been busy with other things,
and seems to be having Linux install issues to boot. I believe his
development platform of choice is one of the BSDs. I've sent his first
cut at a patched plugin to the guy who originally wrote the patch, and
he sent back a list of things he needs to do to make it work (in July),
which I forwarded to Chris. I got a note from him 8/10 that indicates
that he's been really busy, but hopes to get back to working on this
Real-Soon-Now(tm).
                And now you know - the rest of the story...
                        John

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Paul
Martin
Sent: Wednesday, September 08, 2004 12:54 PM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Snort 2.2.0, MS-SQL Server 2000, ODBC

I've installed Snort/Apache/RH/MySQL according to Patrick Harper's HOWTO

on the Snort page, and everything's been working just fine.  
Unfortunately, now the PTBs want to migrate our databases to MSSQL as 
opposed to MySQL.  I understand that Snort does not support MSSQL 
natively under linux, and as such, I need to use the ODBC option.  I've 
recompiled Snort with ODBC support, with no problem.  I compiled and 
installed the ODBC interface from www.unixodbc.org, which make'd and 
installed just fine.  However, now I need to configure it so that the 
ODBC will communicate with the MSSQL server.

The instructions say that it is very similar to the Data Sources: ODBC 
under windows.  The only problem is that I am running this Snort server 
sans WM.  No GUI.  So I have to configure this beast command-line.  Or 
do I?  All I know is that whenever I run "snort -c 
/etc/snort/snort.conf", I get:

ERROR: database: ODBC unable to connect.
Fatal Error, Quitting..

Any advice?  This is driving me nuts.

-- 
Paul Martin
Network Technician
Hilton Grand Vacations Co.
(407) 393-3034
pmartin () hgvc com



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------------------------------
[mf2]


-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:

Snort 2.2.0, MS-SQL Server 2000, ODBC Paul Martin (Sep 08)
- <Possible follow-ups>
- RE: Snort 2.2.0, MS-SQL Server 2000, ODBC McCash, John (Sep 09)