Snort mailing list archives

Re: snort-2.8.0.2. Bug in MySQL?


From: Jack Pepper <pepperjack () afferentsecurity com>
Date: Thu, 13 Mar 2008 07:41:28 -0500

Quoting salomon.riedo () post ch:

Hey JJC

Thanks for your response.
--> I don't have lots of data, so I think that I don't need barnyard
... I think that this is the main reason to use it?
--> Primary symptoms:
     Database is Empty (with the previous version of snort [2.8.0.1] it
ran without any troubles ... )


OK, so no data in the db.
1.  Do you have alert data being reported to the alert log?
   No? : it's not a db problem, it's a dead snort problem.  end.
   Yes? : it's a db output problem.  proceed.

2.  Does the snort.conf file have a mysql output line?
3.  Try to log into mysql using the user id and password specified on  
the output line.
4.  While logged into the database type this command:
       select vseq from `schema`;
5.  Does it say "107" ?
6.  If not, then the problem is that your old database is not  
compatible with the schema used in snort 2.8 .  The database will need  
to be recreated from scratch.

I hope this helps.  Post back to the list with your progress.

jp









Another solution is using the previous version.

________________________________________________________________________




 You should use unified output and use barnyard to read said unified
data and write into mysql.
There are several well documented reasons for this on the web...

JJC



      > I'm relatively new in this group and have an unsolved problem with
      > logging alerts to a MySQL-DB since the upgrade to Snort 2.8.0.2.
      > If I run the configure-script: # ./configure --with-mysql, there are no
      > errors.
      >sql
      > My questions:
      > - Are there any essential changes on the new version?
      > - Could it be, that the problem is on my running-system (OpenSuse10.3)?
      >


      what is the primary symptom?

      Snort won't build?
      Snort won't run?
      Database is Empty?





      > Thx
      > Salomon











-- 

Framework?  I don't need no stinking framework!

----------------------------------------------------------------
@fferent Security Labs:  Isolate/Insulate/Innovate  
http://www.afferentsecurity.com

