Snort mailing list archives

RE: Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC?


From: "Keith Loyd" <Keith () Loyd com>
Date: Wed, 28 Apr 2004 18:10:58 -0500

Start a SQL trace and watch what is going on in the MS SQL side...you might
find a clue by reading through that.  Also check your MS SQL Error Log file
for other ideas.  I don't know much about Unix ODBC but can tell you a DB
trace will let you know if something is not configured correctly on the MS
end.

Keith

www.ntsug.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of McCash, John
Sent: Wednesday, April 28, 2004 4:10 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Are there known bugs in the odbc output plugin WRT
FreeTDS and unixODBC?

Marty, please lend us your wisdom...

I've been trying to get snort logging into a MS SQL 2000 database for a bit
now, and I've hit something that may be a bug, but I'm not sure in what.
I've got the database set up on the MS side using the supplied schema files,
and I have unixODBC and FreeTDS configured to talk to it. I can use the isql
application that comes with unixODBC to make queries against those parts of
the database that are populated (services, flags, etc.)  I can also use it
to insert entries and tables, as I confirmed by deleting the flags table,
and reconstituting it using isql. Unfortunately, no matter what I do, I
still get the same message when I start up snort.

"Apr 28 15:39:15 aopsecurityserver snort: database: Problem obtaining SENSOR
ID (sid) from AOPSECDB->sensor
Apr 28 15:39:15 aopsecurityserver snort: FATAL ERROR:   When this plugin
starts, a SELECT query is run to find the sensor id for the
  currently running sensor. If the sensor id is not found, the plugin will
run  an INSERT query to insert the proper data and generate a new sensor
id. Then a  SELECT query is run to get the newly allocated sensor id. If
that fails then  this error message is generated.   Some possible causes
for this error are:   * the user does not have proper INSERT or SELECT
privileges   * the sensor table does not exist   If you are _absolutely_
certain that you have the proper privileges set and  that your database
structure is built properly please let me know if you  continue to get
this error. You can contact me at (roman () danyliw com).
Apr 28 15:39:15 aopsecurityserver kernel: device eth0 left promiscuous mode"

This seems to me to be a bug in the odbc output plugin, but may be a problem
with unixODBC or FreeTDS. Does anyone have enough experience in this area to
tell me how to debug this further?
                Thanks
                        John
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id149&alloc_id66&op=ick
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users


