RE: MYSQL Error on Windows XP snort install

["Michael Steele" <michaels () winsnort com>]

jpb,

He is not even getting that far. 

Cheers...

-The WINSNORT.com Management Team
-- 
 Pick up your FREE Windows or UNIX Snort installation guides       
 mailto:support () winsnort com
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin () lists sourceforge net [mailto:snort-users-
> admin () lists sourceforge net] On Behalf Of Jim Brown
> Sent: Tuesday, December 02, 2003 8:13 PM
> To: 'snort-users () lists sourceforge net'
> Subject: Re: [Snort-users] MYSQL Error on Windows XP snort install
>
> * Bright, Mark IT2 <mbrigh () lincoln navy mil> [2003-12-02 22:38]:
> > I don't have an account with Winsnort so I'm not quite sure what you
> mean by
> > master and slave sensors. I'm running a Win2k Professional box with
> MySQL
> > 4.0.15 and ACID v0.9.6b23 (schema v106) as my central logging server. I
> have
> > 5 sensors mostly on NT Server machines running Snort v2.0.5 successfully
> > logging to MySQL, 2 error'ing out with the same problem (Posted below).
> So
> > far I've tried to re-install Snort, upgrade it, use root as well as
> snort
> > users, checked and re-checked permissions, and checked and re-checked my
> > snort.conf file. I've found quite a few posts to the snort-users list
> > regarding this error but haven't seen a fix. I also e-mailed Mr. Danyliw
> and
> > I'm awaiting to hear his input. There have been some posts that point
> the
> > cause at the sensor name. If that's the case, I really don't know how to
> fix
> > it. I'm leaning in the direction of a permissions problem, but from what
> I
> > can tell, they look just fine, and my other sensors work great. Any help
> > would be greatly appreciated...
> >
> > Here's my error:
> >
> > Here's my snort.conf output line:
> > output database: log, mysql, user=snort dbname=snort host=205.60.5.35
> >
> > Here's the error from Snort:
> >
> > database: compiled support for ( mysql odbc )
> > database: configured to use mysql
> > database: database name = snort
> > database:          user = snort
> > database:          host = 205.60.5.35
> > database:   sensor name = CVN72UFS01:\
> > database: mysql_error: You have an error in your SQL syntax.  Check the
> > manual t
> > hat corresponds to your MySQL server version for the right syntax to use
> > near '\
> > ' AND detail = '1' AND encoding = '0' AND filter IS NULL' at l
> > database: mysql_error: You have an error in your SQL syntax.  Check the
> > manual t
> > hat corresponds to your MySQL server version for the right syntax to use
> > near '\
> > ','1','0', '0')' at line 1
> > SQL=INSERT INTO sensor (hostname, interface, detail, encoding, last_cid)
> > VALUES
> > ('CVN72UFS01:\','\','1','0', '0')
> > database: mysql_error: You have an error in your SQL syntax.  Check the
> > manual t
> > hat corresponds to your MySQL server version for the right syntax to use
> > near '\
> > ' AND detail = '1' AND encoding = '0' AND filter IS NULL' at l
> > database: Problem obtaining SENSOR ID (sid) from Snort->sensor
> > ERROR:
> >  When this plugin starts, a SELECT query is run to find the sensor id
> for
> > the
> >  currently running sensor. If the sensor id is not found, the plugin
> will
> > run
> >  an INSERT query to insert the proper data and generate a new sensor id.
> > Then a
> >  SELECT query is run to get the newly allocated sensor id. If that fails
> > then
> >  this error message is generated.
> >
> >  Some possible causes for this error are:
> >   * the user does not have proper INSERT or SELECT privileges
> >   * the sensor table does not exist
> >
> >  If you are _absolutely_ certain that you have the proper privileges set
> and
> >  that your database structure is built properly please let me know if
> you
> >  continue to get this error. You can contact me at (roman () danyliw com).
> >
> > ~Mark
>
>
>
> Disclaimer- I don't run ACID and never have.  So what I'm about
> to say could be a total crock of, uh, stuff. I do know a fair
> amount of SQL however.
>
> I'm looking at the line:
>
>   SQL=INSERT INTO sensor (hostname, interface, detail, encoding, last_cid)
>   VALUES
>   ('CVN72UFS01:\','\','1','0', '0')
>                ^^
>
> and what I see is an escaped single quote which is very likely
> throwing the SQL parser off.  Try either a double backslash or
> renaming without the single backslash- i.e.
>
>  ('CVN72UFS01:\\','\','1','0', '0')
>
> or
>
>  ('CVN72UFS01:','\','1','0', '0')
>
>
>
> In fact, you should be able to test this directly in the MySQL
> monitor.
>
> If you get a similar error on the next escaped backslash
> try:
>
>  ('CVN72UFS01:\\','\\','1','0', '0')
>
>
>
> Best Regards,
> jpb
> ===
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by OSDN's Audience Survey.
> Help shape OSDN's sites and tell us what you think. Take this
> five minute survey and you could win a $250 Gift Certificate.
> http://www.wrgsurveys.com/2003/osdntech03.php?site=8
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users