Snort mailing list archives

RE: snort and ODBC


From: Jonathan_Hays () tax state ny us
Date: Fri, 27 May 2005 12:03:42 -0400

No worries. After beating my brain against this ODBC/MSSQL solution for a 
week and a half I gave up and am happily ensconced in a Linux/MySQL 
solution. At this point, wild horses wouldn't drag me back to a Microsoft 
SQL database.

Thanks for the response,

Jonathan Hays
NYSDTF Network Security




"McCash, John" <John.McCash () andrew com> 
05/27/2005 10:31 AM

To
<Jonathan_Hays () tax state ny us>, "Chris Reid" 
<chris.reid () codecraftconsultants com>, <snort-users () lists sourceforge net>
cc

Subject
RE: snort and ODBC






Jonathan,
            My really bad? Your email came just before I left for the SANS 
conference, and what with all of the preparation, recovery, and our many 
current (understaffed) initiatives, I'm still digging out. The short 
answer is no. The code is out there, and the guy who wrote the original 
patch says it's an easy fix. In fact, at one point, the developer (Hi 
Chris!) had put together a preliminary official patch. Unfortunately it 
didn't work. I had mediated email between the two, but Chris has been busy 
with other things, and I haven't heard from him since December of 04.
 
Chris,
            Any hope here? Any at all? Please?? Pretty Please?? I've been 
really really patient?
                        John McCash
 

From: Jonathan_Hays () tax state ny us [mailto:Jonathan_Hays () tax state ny us] 

Sent: Monday, March 28, 2005 11:11 AM
To: McCash, John
Subject: snort and ODBC
 

Hi John, 

I saw your post on Neohapsis and since I'm going through a similar 
experience (Snort currently working with MySQL, boss wants MS SQL) I'm 
wondering whether this got fixed. I'm trying to connect under Linux 
running Snort 2.3.2 but get the same error reported by Paul (see below). 

Thanks, 

Jonathan Hays
NYSDTF Network Security


= = = = = 
 
  
RE: [Snort-users] Snort 2.2.0, MS-SQL Server 2000, ODBC 

From: McCash, John (John.McCashandrew.com) 
Date: Thu Sep 09 2004 - 11:57:35 CDT 


-------------------------------------------------------------------------------- 


Hi Paul, 
        Ahh! A subject near and dear to my heart! This is currently 
being worked on, I just believe it's not being treated as a priority. 
There was a patch posted to one of the lists last November for 
snort-2.0.2, to make it work with unixodbc and freetds (which you're 
going to need), however it can't be applied to the current version. 
Through various cajoling, prodding, and outright begging, I got the 
current database output plugin developer Chris Reid (Hi Chris! Are you 
out there? See there's more interest in this than just me!) to work on 
including it. Unfortunately, his first cut at it didn't work, and then 
he promptly had a second child (actually I suppose it was his wife). 
That was back in April. Since then, he's been busy with other things, 
and seems to be having Linux install issues to boot. I believe his 
development platform of choice is one of the BSDs. I've sent his first 
cut at a patched plugin to the guy who originally wrote the patch, and 
he sent back a list of things he needs to do to make it work (in July), 
which I forwarded to Chris. I got a note from him 8/10 that indicates 
that he's been really busy, but hopes to get back to working on this 
Real-Soon-Now(tm). 
                And now you know - the rest of the story... 
                        John 


-----Original Message----- 
From: snort-users-adminlists.sourceforge.net 
[mailto:snort-users-adminlists.sourceforge.net] On Behalf Of Paul 
Martin 
Sent: Wednesday, September 08, 2004 12:54 PM 
To: Snort-userslists.sourceforge.net 
Subject: [Snort-users] Snort 2.2.0, MS-SQL Server 2000, ODBC 


I've installed Snort/Apache/RH/MySQL according to Patrick Harper's HOWTO 
on the Snort page, and everything's been working just fine. 
Unfortunately, now the PTBs want to migrate our databases to MSSQL as 
opposed to MySQL. I understand that Snort does not support MSSQL 
natively under linux, and as such, I need to use the ODBC option. I've 
recompiled Snort with ODBC support, with no problem. I compiled and 
installed the ODBC interface from www.unixodbc.org, which make'd and 
installed just fine. However, now I need to configure it so that the 
ODBC will communicate with the MSSQL server. 


The instructions say that it is very similar to the Data Sources: ODBC 
under windows. The only problem is that I am running this Snort server 
sans WM. No GUI. So I have to configure this beast command-line. Or 
do I? All I know is that whenever I run "snort -c 
/etc/snort/snort.conf", I get: 


ERROR: database: ODBC unable to connect. 
Fatal Error, Quitting.. 


Any advice? This is driving me nuts. 


-- 
Paul Martin 
Network Technician 
Hilton Grand Vacations Co. 
(407) 393-3034 
pmartinhgvc.com 




_______________________________________________ 
Snort-users mailing list 
Snort-userslists.sourceforge.net 
Go to this URL to change user options or unsubscribe: 
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive: 
http://www.geocrawler.com/redir-sf.php3?list=snort-users 


------------------------------------------------------------------------------------------------ 

This message is for the designated recipient only and may 
contain privileged, proprietary, or otherwise private information. 
If you have received it in error, please notify the sender 
immediately and delete the original. Any unauthorized use of 
this email is prohibited. 
------------------------------------------------------------------------------------------------ 

[mf2] 


