Snort mailing list archives

Re: snort with Oracle

From: Gongya Yu <yu () gongya net>
Date: Fri, 25 Jan 2002 19:57:12 -0800

Hi, thanks so much for your feedback.

I still can't make it work.

I even added the following code just before the OCIInitialize.
          putenv("ORACLE_HOME=/app02/oracle8.1.7");
          putenv("TNS_ADMIN=/app02/oracle8.1.7/network/admin");
          putenv("ORACLE_SID=dream");
Here is the output from env command
......
ORACLE_SID=dream
ORACLE_HOME=/app02/oracle8.1.7
ORACLE_BASE=/app02/oracle8.1.7
TNS_ADMIN=/app02/oracle8.1.7/network/admin

I can use sqlplus to connect to database. So I guess the environment
variables are right.

Here is the output from running snort
..............
Back Orifice detection brute force: DISABLED
Using LOCAL time
database: compiled support for ( oracle )
database: configured to use oracle
database:          user = snort
database: password is set
database: database name = dream
database:   sensor name = 192.168.1.5
ORACLE_HOME = /app02/oracle8.1.7
TNS_ADMIN = /app02/oracle8.1.7/network/admin
ORACLE_SID= dream
database: oracle_error: Error while trying to retrieve text for error
ORA-12154

database: Connection to database 'dream' failed
Fatal Error, Quitting..

Also in the original code from spo_database.c copied in the following.
if (OCIInitialize(OCI_DEFAULT, NULL, NULL, NULL, NULL) ||
         OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL) ||
         OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL) ||
         OCIHandleAlloc(data->o_environment, (dvoid **)&data->o_error,
OCI_HTYPE_ERROR, (size_t) 0, NULL) ||
         OCILogon(data->o_environment, data->o_error,
&data->o_servicecontext,data->user, strlen(data->user), data->password,
strlen(data->password), data->shared->dbname,
strlen(data->shared->dbname)) ||
         OCIHandleAlloc(data->o_environment, (dvoid
**)&data->o_statement, OCI_HTYPE_STMT, 0, NULL))
      {
         OCIErrorGet(data->o_error, 1, NULL, &data->o_errorcode,
data->o_errormsg, sizeof(data->o_errormsg), OCI_HTYPE_ERROR);
         ErrorMessage("database: oracle_error: %s\n", data->o_errormsg);

         FatalError("database: Connection to database '%s' failed\n",
data->shared->dbname);
      }

Is there an extra OCIEnvInit or should be like that ?

Anyway to print the elements of OCIEnv struct?

I really appreciate any suggestions.
Melvin Robinson wrote:


I have had this error before and it usually involves the Oracle
environment variables not being set correctly for some reason or
another.  The ones to make sure that you have set properly are
ORACLE_SID and ORACLE_HOME.
Gongya Yu <yu () gongya net>
Sent by: snort-users-admin () lists sourceforge net
01/24/2002 10:32 PM PST

To: snort-users () lists sourceforge net
cc:
bcc:
Subject: [Snort-users] snort with Oracle



Hi, anyone has succeeded in using Oracle as snort output plugin ? I am

trying to use Oracle, but it failed to connect to Oracle with the
following messages;

database: compiled support for ( oracle )
database: configured to use oracle
database:          user = snort
database: password is set
database: database name = DREAM
database:   sensor name = 192.168.1.5

database: oracle_error: Error while trying to retrieve text for error
ORA-12154

database: Connection to database 'DREAM' failed
Fatal Error, Quitting..

After checking the source code, I located the problem in
spo_database.c

#ifdef ENABLE_ORACLE
   if(!strcasecmp(data->shared->dbtype,ORACLE))
   {
     if (OCIInitialize(OCI_DEFAULT, NULL, NULL, NULL, NULL) ||
        OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL) ||
        OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL) ||
        OCIHandleAlloc(data->o_environment, (dvoid **)&data->o_error,
OCI_HTYPE_ERROR, (size_t) 0, NULL) ||
        OCILogon(data->o_environment, data->o_error,
&data->o_servicecontext,
data->user, strlen(data->user), data->password,
strlen(data->password),
data->shared->dbname, strlen(data->shared->dbname)) ||
        OCIHandleAlloc(data->o_environment, (dvoid
**)&data->o_statement, OCI_HTYPE_STMT, 0, NULL))
     {
        OCIErrorGet(data->o_error, 1, NULL, &data->o_errorcode,
data->o_errormsg, sizeof(data->o_errormsg), OCI_HTYPE_ERROR);
        ErrorMessage("database: oracle_error: %s\n",
data->o_errormsg);

        FatalError("database: Connection to database '%s' failed\n",
data->shared->dbname);
     }
   }
#endif

Question 1:  OCIEnvInit(&data->o_environment, OCI_DEFAULT, 0, NULL) ||

is extra ?

Question 2: Do I have to use OCIEnvCreate to replace OCIInitialize and

OCIEnvInit if I use Oracle 8.1.7. I read the documentation that says
the
OCIInitialize and OCI EnvInit still can be used as backward.

thanks in advanced !!




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort with Oracle Gongya Yu (Dec 26)
- <Possible follow-ups>
- Re: snort with Oracle Gongya Yu (Dec 27)
- Re: snort with Oracle william . c . gercken (Dec 28)
  - Re: snort with Oracle Gongya Yu (Dec 28)
- RE: snort with Oracle Robert D. Hughes (Dec 30)