Snort mailing list archives

Re: Snort console errors - MSSQL


From: "Chris Reid" <Chris.Reid () CodeCraftConsultants com>
Date: Fri, 25 Oct 2002 19:28:06 -0600


Jarret,

The database schema creation script for Microsoft SQL Server was recently
updated in the Snort CVS repository.  It fixes the error you are seeing
regarding "TEXT" field datatypes.  Grab the latest copy of "create_mssql"
from here, install it (replacing your current schema), and try running Snort
again:


http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/snort/snort/contrib/create_mssql

Chris Reid

----- Original Message -----
From: "Jarret Gibson" <jarret () osa comax com>
To: <snort-users () lists sourceforge net>
Sent: Friday, October 25, 2002 3:40 PM
Subject: [Snort-users] Snort console errors - MSSQL



Running Snort 1.8.7 w/ MSSQL logging, Windows 2000, everything fully
updated.

I've noticed that Snort seems to be logging fewer alerts now that it is
logging to the MSSQL database as opposed to logging to a directory.  In the
Snort console window, I'm seeing errors of this type pop up a decent bit:

----------------------------
database: SQL Server message 306, state 1, severity 16:
        The text, ntext, and image data types cannot be used in the WHERE,
HAVING, or ON clause, except with the LIKE or IS NULL predicates.

Server 'ORANGE', Line 1

database:  The above error was caused by the following statement:
    SELECT ref_id FROM reference WHERE ref_system_id = 3 AND ref_tag = '341'

database: DB-Library error:
        General SQL Server error: Check messages from the SQL Server.

database:  The above error was caused by the following statement:
    SELECT ref_id FROM reference WHERE ref_system_id = 3 AND ref_tag = '341'

database: SQL Server message 306, state 1, severity 16:
        The text, ntext, and image data types cannot be used in the WHERE,
HAVING, or ON clause, except with the LIKE or IS NULL predicates.

Server 'ORANGE', Line 1

database:  The above error was caused by the following statement:
    SELECT ref_id FROM reference WHERE ref_system_id = 3 AND ref_tag = '341'

database: DB-Library error:
        General SQL Server error: Check messages from the SQL Server.

database:  The above error was caused by the following statement:
    SELECT ref_id FROM reference WHERE ref_system_id = 3 AND ref_tag = '341'

database: Unable to insert the alert reference into the DB
----------------------------


It looks like it's failing to update on some of these alerts.  Any ideas on
a fix for this?

Jarret Gibson




