Snort mailing list archives
Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC?
From: "McCash, John" <John.McCash () andrew com>
Date: Wed, 28 Apr 2004 16:09:32 -0500
Marty, please lend us your wisdom... I've been trying to get snort logging into a MS SQL 2000 database for a bit now, and I've hit something that may be a bug, but I'm not sure in what. I've got the database set up on the MS side using the supplied schema files, and I have unixODBC and FreeTDS configured to talk to it. I can use the isql application that comes with unixODBC to make queries against those parts of the database that are populated (services, flags, etc.) I can also use it to insert entries and tables, as I confirmed by deleting the flags table, and reconstituting it using isql. Unfortunately, no matter what I do, I still get the same message when I start up snort. "Apr 28 15:39:15 aopsecurityserver snort: database: Problem obtaining SENSOR ID (sid) from AOPSECDB->sensor Apr 28 15:39:15 aopsecurityserver snort: FATAL ERROR: When this plugin starts, a SELECT query is run to find the sensor id for the currently running sensor. If the sensor id is not found, the plugin will run an INSERT query to insert the proper data and genera te a new sensor id. Then a SELECT query is run to get the newly allocated sensor id. If that fails then this error message is gene rated. Some possible causes for this error are: * the user does not have proper INSERT or SELECT privileges * the sensor table does not exist If you are _absolutely_ certain that you have the proper privileges set and that your database structure is built properly please let me know if you continue to get this error. You can contact me at (roman () danyliw com). Apr 28 15:39:15 aopsecurityserver kernel: device eth0 left promiscuous mode" This seems to me to be a bug in the odbc output plugin, but may be a problem with unixODBC or FreeTDS. Does anyone have enough experience in this area to tell me how to debug this further? Thanks John ------------------------------------------------------------------------------------------------ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any unauthorized use of this email is prohibited. ------------------------------------------------------------------------------------------------ [mf2] ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id149&alloc_id66&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC? McCash, John (Apr 28)
- RE: Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC? Keith Loyd (Apr 28)
- <Possible follow-ups>
- RE: Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC? McCash, John (Apr 30)