Snort mailing list archives
RE: Snort Sensors + logging to MSSQL
From: "Paulo Filipe Mira" <paulo.mira () soquimica pt>
Date: Thu, 16 Jan 2003 11:34:44 -0000
Last time I checked, snort didn't have native support for MSSQL, and you had to let unixodbc handle the data. So first of all, you had to set up unixodbc. unixodbc itself needs a driver to be able to talk to MSSQL. I set up a driver called FreeTDS, which comes with a good set of utilities for communicating with MSSQL, including one called isql, which is a command line client similar to osql for Win. I was able to log on to the DB using isql, and issue some queries to the DB, and apparently all was working fine.

The schema for what you are trying to do is this:

snort ---> unixodbc ---> (some TDS driver) ---> MSSQL

However, I was never able to make snort log data to the MSSQL DB: it failed on the very first query, when it queried the DB for the sensors' names. You should search snort-users' archives for my post to the list describing the errors I got. Search for 'mssql freetds' on the subject.

All this was back in the 1.8.6/1.8.7 days, so things might have changed since then. I resorted to using mysql, and haven't tried MSSQL since then.

Good luck, and let us know if you get somewhere.

Paulo Filipe Mira
SA Soquimica
paulo dot mira at soquimica dot pt
-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of shreerang vaidya
Sent: Wednesday, 15 January 2003 12:38
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort Sensors + logging to MSSQL

Hi,

Hi I am running a couple of snort sensors on redhat 8.0 nodes. I need to log all alerts and data to a central server running WindoZe and MSSQL 2000. I have edited the snort.conf file to enable the necessary changes to log to the MSSQL server. The SQL database has been configured and the necessary database had been created. Do I need to run/enable anything else in order to log to the SQL server?

Thank You,
Shree.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Sensors + logging to MSSQL shreerang vaidya (Jan 15)
- Re: Snort Sensors + logging to MSSQL Erick Mechler (Jan 15)
- RE: Snort Sensors + logging to MSSQL Paulo Filipe Mira (Jan 16)
- <Possible follow-ups>
- RE: Snort Sensors + logging to MSSQL shreerang vaidya (Jan 16)
- Re: Snort Sensors + logging to MSSQL shreerang vaidya (Jan 16)
- RE: Snort Sensors + logging to MSSQL Michael Steele (Jan 16)