Snort mailing list archives

Previous By Date Next
Previous By Thread Next

SNORTt and MsSQL - don't know w/c to point the error at :-)

From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Thu, 21 Feb 2002 23:25:14 -0600
This is weird. When I run snort, it is able to populate the sensor table in microsoft mssql via odbc.
Btw, my snort is on a separate box, freebsd and sql is on MsSQL.

Now, I couldn't tell where the problem is coming from.

I tested isql -v snort-dns snortadmin password then executed 
SELECT sid FROM sensor WHERE hostname = '192.168.0.115' AND interface = 'fxp0' AND detail = '1' AND encoding = '0' AND 
filter IS NULL

It gave me a table which contains the sid number.

This means that snortadmin account has a select perms. I also tried
insert into sensor(hostname) values ('192.168.0.120') and I was able
to insert it. So this means, that I don't have any permission problems
like what this link is telling us. http://www.incident.org/snortdb/ item #4

There must be something wrong with snort's database functionality.

Upon reading this link, http://www.easysoft.com/products/2002/snort.phtml
It says that spo_database.c contains an error and snorts need to be patched.
Problem is, I couldn't find the patch.

Do you guys have any idea on how to fix this error?

Please help.

Thanks in advance.

Neil

----snip------
database: compiled support for ( odbc )
database: configured to use odbc
database:          user = snortadmin
database: password is set
database: database name = snortdb
database:   sensor name = 192.168.0.115
query = SELECT sid FROM sensor WHERE hostname = '192.168.0.115' AND interface = 'fxp0' AND detail = '1' AND encoding = 
'0' AND filter IS NULL
query = INSERT INTO sensor (hostname, interface, detail, encoding) VALUES ('192.168.0.115','fxp0','1','0')
query = SELECT sid FROM sensor WHERE hostname = '192.168.0.115' AND interface = 'fxp0' AND detail = '1' AND encoding = 
'0' AND filter IS NULL
database: Problem obtaining SENSOR ID (sid) from odbc->snortdb->sensor

 When this plugin starts, a SELECT query is run to find the sensor id for the
 currently running sensor. If the sensor id is not found, the plugin will run
 an INSERT query to insert the proper data and generate a new sensor id. Then a
 SELECT query is run to get the newly allocated sensor id. If that fails then
 this error message is generated.
------snip-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: