Snort mailing list archives

Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC?


From: "McCash, John" <John.McCash () andrew com>
Date: Wed, 28 Apr 2004 16:09:32 -0500

Marty, please lend us your wisdom...

I've been trying to get snort logging into a MS SQL 2000 database for a bit now, and I've hit something that may be a 
bug, but I'm not sure in what. I've got the database set up on the MS side using the supplied schema files, and I have 
unixODBC and FreeTDS configured to talk to it. I can use the isql application that comes with unixODBC to make queries 
against those parts of the database that are populated (services, flags, etc.). I can also use it to insert entries and 
tables, as I confirmed by deleting the flags table, and reconstituting it using isql. Unfortunately, no matter what I 
do, I still get the same message when I start up snort.

"Apr 28 15:39:15 aopsecurityserver snort: database: Problem obtaining SENSOR ID (sid) from AOPSECDB->sensor
Apr 28 15:39:15 aopsecurityserver snort: FATAL ERROR:   When this plugin starts, a SELECT query is run to find the sensor id for the  currently running sensor. If the sensor id is not found, the plugin will run  an INSERT query to insert the proper data and generate a new sensor id. Then a  SELECT query is run to get the newly allocated sensor id. If that fails then  this error message is generated.   Some possible causes for this error are:   * the user does not have proper INSERT or SELECT privileges   * the sensor table does not exist   If you are _absolutely_ certain that you have the proper privileges set and  that your database structure is built properly please let me know if you  continue to get this error. You can contact me at (roman () danyliw com).
Apr 28 15:39:15 aopsecurityserver kernel: device eth0 left promiscuous mode"

This seems to me to be a bug in the odbc output plugin, but may be a problem with unixODBC or FreeTDS. Does anyone have 
enough experience in this area to tell me how to debug this further?
                Thanks
                        John