Snort mailing list archives
SNORTt and MsSQL - don't know w/c to point the error at :-)
From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Thu, 21 Feb 2002 23:25:14 -0600
This is weird. When I run snort, it is able to populate the sensor table in microsoft mssql via odbc. Btw, my snort is on a separate box, freebsd and sql is on MsSQL. Now, I couldn't tell where the problem is coming from. I tested isql -v snort-dns snortadmin password then executed SELECT sid FROM sensor WHERE hostname = '192.168.0.115' AND interface = 'fxp0' AND detail = '1' AND encoding = '0' AND filter IS NULL It gave me a table which contains the sid number. This means that snortadmin account has a select perms. I also tried insert into sensor(hostname) values ('192.168.0.120') and I was able to insert it. So this means, that I don't have any permission problems like what this link is telling us. http://www.incident.org/snortdb/ item #4 There must be something wrong with snort's database functionality. Upon reading this link, http://www.easysoft.com/products/2002/snort.phtml It says that spo_database.c contains an error and snorts need to be patched. Problem is, I couldn't find the patch. Do you guys have any idea on how to fix this error? Please help. Thanks in advance. Neil ----snip------ database: compiled support for ( odbc ) database: configured to use odbc database: user = snortadmin database: password is set database: database name = snortdb database: sensor name = 192.168.0.115 query = SELECT sid FROM sensor WHERE hostname = '192.168.0.115' AND interface = 'fxp0' AND detail = '1' AND encoding = '0' AND filter IS NULL query = INSERT INTO sensor (hostname, interface, detail, encoding) VALUES ('192.168.0.115','fxp0','1','0') query = SELECT sid FROM sensor WHERE hostname = '192.168.0.115' AND interface = 'fxp0' AND detail = '1' AND encoding = '0' AND filter IS NULL database: Problem obtaining SENSOR ID (sid) from odbc->snortdb->sensor When this plugin starts, a SELECT query is run to find the sensor id for the currently running sensor. If the sensor id is not found, the plugin will run an INSERT query to insert the proper data and generate a new sensor id. Then a SELECT query is run to get the newly allocated sensor id. If that fails then this error message is generated. ------snip----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SNORTt and MsSQL - don't know w/c to point the error at :-) Ronneil Camara (Feb 21)