Snort mailing list archives

RE: Snortcenter2 and Rules update

From: John Hally <JHally () epnet com>
Date: Mon, 24 Jan 2005 09:40:07 -0500

Exactly what I did.  I saw it in the tar, so I dropped my old db and ran
that script to create the new one.  I'll drop it and let SC2 create it.

Thanks for the help!

John.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Trevor Benson
Sent: Friday, January 21, 2005 6:42 PM
To: Wes Young
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snortcenter2 and Rules update

Does now ;).  Didn't realize someone used the same name for a script in
sc2, I just figured that was an outdated copy of the snort script in the
sc2 tar.  Good to know so I never try to use it.

Trevor 

-----Original Message-----
From: Wes Young [mailto:wcyoung () buffalo edu] 
Sent: Friday, January 21, 2005 2:13 PM
To: Trevor Benson
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snortcenter2 and Rules update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It doesnt do both db's... Just takes care of the SC2 DB when you first
run SC2..

What I think she did was run the 'create_mysql' script that is laying
around in the sc2 dir (jason, get rid of it ;-)) and created the SC2 db
from that instead of letting the php scripts take care of it. There is a
bug in that 'create_mysql' for sc2 db that brings up that error, but it
was fixed with the code that set's up the db's via the website.

make sense??

Trevor Benson wrote:
| Ahh I see.  I never knew anyone modded the mysql script to do both 
| databases.  I will watch out for that.
|
| Thanks,
| Trevor
|
| -----Original Message-----
| From: Wes Young [mailto:wcyoung () buffalo edu]
| Sent: Friday, January 21, 2005 1:44 PM
| To: Trevor Benson
| Cc: John Hally; snort-users () lists sourceforge net
| Subject: Re: [Snort-users] Snortcenter2 and Rules update
|
| I was specifically referring to the SC2 db... not the snort db...
|
| there is a create_mysql in the snortcenter dir that is "supposed" to 
| create the SC2 db... but it doesnt seem to work right. You're better 
| off having the website create the db for you to avoid that error she 
| see's...
|
| Trevor Benson wrote:
| | But that's not what I am getting at, the scripts create 2 DIFFERENT 
| | databases, so to finish installation you HAVE to use both the SC2 to

| | create snortcenter database, and the create_mysql script from snort 
| | for the snort database.  Or am I missing something big that changed 
| | in
| sc2?
| |
| | Trevor
| |
| | -----Original Message-----
| | From: Wes Young [mailto:wcyoung () buffalo edu]
| | Sent: Friday, January 21, 2005 12:40 PM
| | To: Trevor Benson
| | Cc: John Hally; snort-users () lists sourceforge net
| | Subject: Re: [Snort-users] Snortcenter2 and Rules update
| |
| | right, that was what i was getting at, there is an error if you try 
| | to
|
| | use the script, but if you let SC2 do it, it should work properly...
| |
| | Trevor Benson wrote:
| | | Wes,
| | |
| | |    If I remember right sc2 will create a snortcenter database, 
| | | where
|
| | | the mysql script is to specifically create the snort database 
| | | where logging occurs.
| | |
| | | Trevor
| | |
| | | -----Original Message-----
| | | From: snort-users-admin () lists sourceforge net
| | | [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Wes 
| | | Young
| | | Sent: Friday, January 21, 2005 6:37 AM
| | | To: John Hally
| | | Cc: snort-users () lists sourceforge net
| | | Subject: Re: [Snort-users] Snortcenter2 and Rules update
| | |
| | | Did you let SC2 create the db or did you do it via the mysql
script?
| | |
| | | John Hally wrote:
| | | | Hello All,
| | | |
| | | |
| | | |
| | | | I just got finished setting up Snortcenter2 and I get the 
| | | | following error when trying to update the rules from the
internet.
|
| | | | Did I flub
| |
| | | | up the mysql tables during install or something?
| | | |
| | | |
| | | |
| | | | *Database ERROR:Database ERROR:*Unknown column 'byte_jump' in 
| | | | 'field
| | | list'
| | | |
| | | |
| | | |
| | | | THANKS!
| | | |
| | |
| | | --
| | | Wes Young
| | | Network Security Analyst
| | | University at Buffalo
| | | GPG Key:
| | | http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
| |
| | -------------------------------------------------------
| | This SF.Net email is sponsored by: IntelliVIEW -- Interactive 
| | Reporting Tool for open source databases. Create drag-&-drop
reports.
| | Save time by over 75%! Publish reports on the web. Export to DOC, 
| | XLS,
| RTF, etc.
| | Download a FREE copy at http://www.intelliview.com/go/osdn_nl
| | _______________________________________________
| | Snort-users mailing list
| | Snort-users () lists sourceforge net
| | Go to this URL to change user options or unsubscribe:
| | https://lists.sourceforge.net/lists/listinfo/snort-users
| | Snort-users list archive:
| | http://www.geocrawler.com/redir-sf.php3?list=snort-users
| |
| |
| |
| | --
| | Wes Young
| | Network Security Analyst
| | University at Buffalo
| | GPG Key: 
| | http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
|
| --
| Wes Young
| Network Security Analyst
| University at Buffalo
| GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html

- --
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)

iD8DBQFB8X5gzLe0Tk6uDXYRAhauAKCkxJSOIZMTczo/FygEdNurVE/i6gCgsz7t
sCJVoEaw3k1+pH0IE/NUo8s=
=yJnm
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snortcenter2 and Rules update John Hally (Jan 20)
- Re: Snortcenter2 and Rules update Wes Young (Jan 21)
- <Possible follow-ups>
- RE: Snortcenter2 and Rules update Trevor Benson (Jan 21)
  - Re: Snortcenter2 and Rules update Wes Young (Jan 21)
- RE: Snortcenter2 and Rules update Trevor Benson (Jan 21)
  - Re: Snortcenter2 and Rules update Wes Young (Jan 21)
- RE: Snortcenter2 and Rules update Trevor Benson (Jan 21)
  - Re: Snortcenter2 and Rules update Wes Young (Jan 21)
- RE: Snortcenter2 and Rules update Trevor Benson (Jan 21)
- RE: Snortcenter2 and Rules update John Hally (Jan 24)