Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Problem creating last_cid, snort 1.9 PGSQL 7.2, new database, correct perms.

From: Eli Stair <estair () tardis ath cx>
Date: Tue, 29 Oct 2002 15:34:11 -0500
I'm having an issue with getting 1.9 to log to my Postgres 7.2 database. I've
just upgraded, created a new database with the new schema, set the snort user to
the permissions listed at andrew.cmu.edu/~rdanyliw/snort/snortdb/snortdb_install.html

It appears snort cannot set the SID, but I cannot figure out why.  I had this issue
with 1.8.7 initially, and just gave snort "superuser" privs. for the first run,
that settled it.  Now, I have tried that and giving _FULL_ specific privs, to
no avail.  Startup logs follow:

~postgres
Oct 29 10:14:29 tardis postgres[20065]: [1] DEBUG:  connection: host=127.0.0.1 user=snort database=snort
Oct 29 10:14:29 tardis postgres[20065]: [2] ERROR:  ExecAppend: Fail to add null value in not null attribute last_cid
Oct 29 10:14:29 tardis postgres[20065]: [3] DEBUG:  pq_recvbuf: unexpected EOF on client connection

~snort
Oct 29 10:14:29 tardis snort: database: postgresql_error: ERROR:  ExecAppend: Fail to add null value in not null 
attribute last_cid  
Oct 29 10:14:29 tardis snort: database: Problem obtaining SENSOR ID (sid) from snort->sensor 
Oct 29 10:14:29 tardis snort: FATAL ERROR:   When this plugin starts, a SELECT query is run
 to find the sensor id for the  currently running sensor. If the sensor id is not found, th
e plugin will run  an INSERT query to insert the proper data and generate a new sensor id. 
Then a  SELECT query is run to get the newly allocated sensor id. If that fails then  this 
error message is generated.   Some possible causes for this error are:   * the user does no
t have proper INSERT or SELECT privileges   * the sensor table does not exist   If you are 
_absolutely_ certain that you have the proper privileges set and  that your database struct
ure is built properly please let me know if you  continue to get this error. You can contac
t me at (roman () danyliw com).  
~
The system I'm running has kernel 2.4.19, snort 1.9, postgresql 7.2.2.  
Any help or suggestions much appreciated.


Thanks,

/eli


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: