Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort 1.9 --with-postgresql

From: Demetri Mouratis <dmourati () cm math uiuc edu>
Date: Fri, 17 Jan 2003 14:20:39 -0600 (CST)
Anyone out here having any success with Snort 1.9 comiled with support for
postgres logging?  I was running fine on a 1.86 snort install but decided
to upgrade today and am running into a few problems.

1.      snort-1.9.0.tar.gz source, compiles file but hangs at runtime
trying to log to postgres.  This issue was experienced by at least a few
folks according to the archives:

http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=snort+1.9+postgres+problem&q=b


From syslog onmy snort box:


Jan 17 12:47:06 netmonitor01 snort: database: postgresql_error: ERROR:
ExecAppend: Fail to add null value in not null attribute last_cid
Jan 17 12:47:06 netmonitor01 snort: database: Problem obtaining SENSOR ID
(sid) from snort->sensor
Jan 17 12:47:06 netmonitor01 snort: FATAL ERROR:   When this plugin
starts, a SELECT query is run to find the sensor id for the  currently
running sensor. If the sensor id is not found, the plugin will run  an
INSERT query to insert the proper data and generate a new sensor id. Then
a  SELECT query is run to get the newly allocated sensor id. If that fails
then  this error message is generated.   Some possible causes for this
error are:   * the user does not have proper INSERT or SELECT privileges
* the sensor table does not exist   If you are _absolutely_ certain that
you have the proper privileges set and  that your database structure is
built properly please let me know if you  continue to get this error. You
can contact me at (roman () danyliw com).

Database privileges are not the issue:

snort=# insert into sensor (hostname,last_cid) values('dummyhost',9999);
INSERT 1549192 1
snort=# select * from sensor;
 sid | hostname  | interface | filter | detail | encoding | last_cid
-----+-----------+-----------+--------+--------+----------+----------
  10 | dummyhost |           |        |        |          |     9999
(1 row)


The only solution given in the archives was to go the the latest CVS.

2.      snort-stable.tar.gz source, wont compile.  It hangs on sprintf.c:

gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-DENABLE_POSTGRESQL  -g -O2 -Wall -c `test -f 'snprintf.c' || echo
'./'`snprintf.c
snprintf.c: In function `sm_dopr':
snprintf.c:153: conflicting types for `sys_errlist'
/usr/include/stdio.h:554: previous declaration of `sys_errlist'
make[3]: *** [snprintf.o] Error 1
make[3]: Leaving directory `/opt/snort-stable/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/opt/snort-stable/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/opt/snort-stable'
make: *** [all] Error 2

Any pointers on getting either the stock 1.9 or the CVS snort-stable to
compile and run correctly greatly appreciated.

Thanks.
---------------------------------------------------------------------
Demetri Mouratis
dmourati () linfactory com



-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will
allow you to extend the highest allowed 128 bit encryption to all your 
clients even if they use browsers that are limited to 40 bit encryption. 
Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: