Snort mailing list archives
RE: snort and ODBC
From: "McCash, John" <John.McCash () andrew com>
Date: Fri, 27 May 2005 09:31:15 -0500
Jonathan, My really bad... Your email came just before I left for the SANS conference, and what with all of the preparation, recovery, and our many current (understaffed) initiatives, I'm still digging out. The short answer is no. The code is out there, and the guy who wrote the original patch says it's an easy fix. In fact, at one point, the developer (Hi Chris!) had put together a preliminary official patch. Unfortunately it didn't work. I had mediated email between the two, but Chris has been busy with other things, and I haven't heard from him since December of 04. Chris, Any hope here? Any at all? Please...? Pretty Please...? I've been really really patient... John McCash ________________________________ From: Jonathan_Hays () tax state ny us [mailto:Jonathan_Hays () tax state ny us] Sent: Monday, March 28, 2005 11:11 AM To: McCash, John Subject: snort and ODBC Hi John, I saw your post on Neohapsis and since I'm going through a similar experience (Snort currently working with MySQL, boss wants MS SQL) I'm wondering whether this got fixed. I'm trying to connect under Linux running Snort 2.3.2 but get the same error reported by Paul (see below). Thanks, Jonathan Hays NYSDTF Network Security = = = = = LOCATION: Neohapsis / Archives / Snort Discuss / Message Index / Message #0165 RE: [Snort-users] Snort 2.2.0, MS-SQL Server 2000, ODBC From: McCash, John (John.McCashandrew.com) Date: Thu Sep 09 2004 - 11:57:35 CDT Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] ------------------------------------------------------------------------ -------- Hi Paul, Ahh! A subject near and dear to my heart! This is currently being worked on, I just believe it's not being treated as a priority. There was a patch posted to one of the lists last November for snort-2.0.2, to make it work with unixodbc and freetds (which you're going to need), however it can't be applied to the current version. Through various cajoling, prodding, and outright begging, I got the current database output plugin developer Chris Reid (Hi Chris! Are you out there? See there's more interest in this than just me!) to work on including it. Unfortunately, his first cut at it didn't work, and then he promptly had a second child (actually I suppose it was his wife). That was back in April. Since then, he's been busy with other things, and seems to be having Linux install issues to boot. I believe his development platform of choice is one of the BSDs. I've sent his first cut at a patched plugin to the guy who originally wrote the patch, and he sent back a list of things he needs to do to make it work (in July), which I forwarded to Chris. I got a note from him 8/10 that indicates that he's been really busy, but hopes to get back to working on this Real-Soon-Now(tm). And now you know - the rest of the story... John -----Original Message----- From: snort-users-adminlists.sourceforge.net [mailto:snort-users-adminlists.sourceforge.net] On Behalf Of Paul Martin Sent: Wednesday, September 08, 2004 12:54 PM To: Snort-userslists.sourceforge.net Subject: [Snort-users] Snort 2.2.0, MS-SQL Server 2000, ODBC I've installed Snort/Apache/RH/MySQL according to Patrick Harper's HOWTO on the Snort page, and everything's been working just fine. Unfortunately, now the PTBs want to migrate our databases to MSSQL as opposed to MySQL. I understand that Snort does not support MSSQL natively under linux, and as such, I need to use the ODBC option. I've recompiled Snort with ODBC support, with no problem. I compiled and installed the ODBC interface from www.unixodbc.org, which make'd and installed just fine. However, now I need to configure it so that the ODBC will communicate with the MSSQL server. The instructions say that it is very similar to the Data Sources: ODBC under windows. The only problem is that I am running this Snort server sans WM. No GUI. So I have to configure this beast command-line. Or do I? All I know is that whenever I run "snort -c /etc/snort/snort.conf", I get: ERROR: database: ODBC unable to connect. Fatal Error, Quitting.. Any advice? This is driving me nuts. -- Paul Martin Network Technician Hilton Grand Vacations Co. (407) 393-3034 pmartinhgvc.com ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ Snort-users mailing list Snort-userslists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------------------------ ------------------------ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any unauthorized use of this email is prohibited. ------------------------------------------------------------------------ ------------------------ [mf2] ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php _______________________________________________ Snort-users mailing list Snort-userslists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------------------------ -------- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] Portions of this site are copyright 1998-2003, Neohapsis, Inc. Questions, comments or feedback, send E-mail to webmaster neohapsis.com ------------------------------------------------------------------------------------------------ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any unauthorized use of this email is prohibited. ------------------------------------------------------------------------------------------------ [mf2]
Current thread:
- RE: snort and ODBC McCash, John (May 27)
- RE: snort and ODBC Jonathan_Hays (May 27)