Snort mailing list archives
Re: snort-2.8.0.2. Bug in MySQL?
From: Jack Pepper <pepperjack () afferentsecurity com>
Date: Thu, 13 Mar 2008 07:41:28 -0500
Quoting salomon.riedo () post ch:
Hey JJC
Thanks for your response.
--> I don't have lots of data, so I think that I don't need barnyard ... I think that this is the main reason to use it?
--> Primary symptoms: Database is Empty (with the previous version of snort [2.8.0.1] it ran without any troubles ... )

OK, so no data in the db.

1. Do you have alert data being reported to the alert log?
   No?  : it's not a db problem, it's a dead snort problem. end.
   Yes? : it's a db output problem. proceed.
2. Does the snort.conf file have a mysql output line?
3. Try to log into mysql using the user id and password specified on the output line.
4. While logged into the database type this command:
   select vseq from `schema`;
5. Does it say "107" ?
6. If not, then the problem is that your old database is not compatible with the schema used in snort 2.8. The database will need to be recreated from scratch.

I hope this helps. Post back to the list with your progress.

jp

Another solution is using the previous version.

________________________________________________________________________________

You should use unified output and use barnyard to read said unified data and write into mysql. There are several well documented reasons for this on the web...

JJC

> I'm relatively new in this group and have an unsolved problem with
> logging alerts to a MySQL-DB since the upgrade to Snort 2.8.0.2.
> If I run the configure-script: # ./configure --with-mysql, there are no
> errors.
>sql
> My questions:
> - Are there any essential changes on the new version?
> - Could it be, that the problem is on my running-system (OpenSuse10.3)?
>

what is the primary symptom? Snort won't build? Snort won't run? Database is Empty?

> Thx
> Salomon

--
Framework? I don't need no stinking framework!
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
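
The checks in steps 2 to 6 of the reply above, scripted as an added example (not part of the original message and not Snort's own code). The function names, the sample snort.conf fragment and the `key=value` layout of the `output database:` line are assumptions; `schema` is backtick-quoted because it is a reserved word in MySQL.

```shell
#!/bin/sh
# Triage helper for "Snort runs but the MySQL database stays empty".
EXPECTED_VSEQ=107   # schema version named in the reply above

# Constructed sample snort.conf fragment (not taken from the thread).
sample_conf() {
cat <<'EOF'
# output database: log, mysql, user=root password=old dbname=snort host=localhost
output alert_fast: alert
output database: log, mysql, user=snort password=s3cret dbname=snortdb host=127.0.0.1
EOF
}

# Step 2: print the first active (uncommented) mysql output line of a config file.
find_mysql_output() {
    grep -E '^[[:space:]]*output[[:space:]]+database:.*mysql' "$1" | head -n 1
}

# Pull one key=value parameter (user, password, dbname, host) out of that line.
db_param() {
    printf '%s\n' "$1" | tr ' \t,' '\n\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# Steps 3-4: log in with the configured credentials and read the schema version.
# Needs the mysql client and a reachable server, so the demo below does not call it.
# MYSQL_PWD keeps the password off the command line.
read_vseq() {
    host=$(db_param "$1" host)
    MYSQL_PWD=$(db_param "$1" password) mysql -N -B -h "${host:-localhost}" \
        -u "$(db_param "$1" user)" -e 'SELECT vseq FROM `schema`;' \
        "$(db_param "$1" dbname)"
}

# Steps 5-6: succeed only when the database reports the expected version.
schema_ok() { [ "$1" = "$EXPECTED_VSEQ" ]; }

# Demo on the constructed config; 106 stands in for an old database's answer.
conf=$(mktemp) && sample_conf > "$conf"
line=$(find_mysql_output "$conf")
rm -f "$conf"
if [ -z "$line" ]; then
    echo "step 2: no mysql output line in snort.conf"
else
    echo "step 2: output line found, user=$(db_param "$line" user) db=$(db_param "$line" dbname)"
fi
schema_ok 106 || echo "step 6: vseq 106 is not $EXPECTED_VSEQ, recreate the database"
```

Against a live sensor, pass the real snort.conf path to `find_mysql_output` and feed the result of `read_vseq` to `schema_ok`.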