Snort mailing list archives

Re: Snort 1.9.0 on Windows and MSSQL


From: "Jarret Gibson" <jarret () osa comax com>
Date: Fri, 25 Oct 2002 15:00:50 -0400

I switched down to the 1.8.7 build with MS SQL support on Silicon Defense's site and managed to get everything 
up and running on my system.  Never could figure out how to compile one of the 1.9 betas with MS SQL support using 
Visual C++, though. 

The latest ACID version is up and running with my setup, as well.  I'm noticing, though, that ACID is reporting much 
MUCH fewer alerts than I was getting with the 1.9 versions doing basic directory logging and SnortSnarf.

Any reason for this?  Maybe the rule set needs to be updated?

Jarret Gibson

  ----- Original Message ----- 
  From: Steve Pearson 
  To: snort-users () lists sourceforge net 
  Sent: Thursday, October 24, 2002 9:04 PM
  Subject: RE: [Snort-users] Snort 1.9.0 on Windows and MSSQL


  These are the identical symptoms I had, too, so I suspect it is a problem with the compiled release of Snort 1.9. I went back to 1.8.x and it fixed the problem.

  Steve

    -----Original Message-----
    From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Robbins, Mark
    Sent: Thursday, October 24, 2002 11:44 AM
    To: snort-users () lists sourceforge net
    Subject: [Snort-users] Snort 1.9.0 on Windows and MSSQL


    Has anyone gotten Snort 1.9.0 to log to an MSSQL database with the available (compiled) executables? 

    I am getting the error message 

    database: SQL Server message 156, state 1, severity 15:
    Incorrect syntax near the keyword 'schema'. 
    database: The above error was caused by the following statement:
    SELECT vseq FROM schema 

    In MSSQL, schema is a reserved word, and the syntax would have to be SELECT vseq FROM [schema] for this to work. I have used previous versions of snort to log to MSSQL with no difficulty.

    Could this problem arise from a configuration mistake I have made, or is the problem in snort.exe itself? 

    Thanks for any help you can provide. 

    Mark Robbins 
