Snort mailing list archives

Re: R: v2.8.4 incorrect logging to MySQL: PATCH


From: Stephen Reese <rsreese () gmail com>
Date: Mon, 13 Apr 2009 15:15:54 -0400

On Mon, Apr 13, 2009 at 11:07 AM, Todd Wease <twease () sourcefire com> wrote:
Thanks much Luigi.  That is the fix.


snortml () iotti biz wrote:
I'm having exactly the same problem: fresh 2.8.4 install with mysql output:
sensor table never gets inserted a row.

I think I have found the problem and produced a simple patch but please,
revise it: I'm not a coder, and have no particular experience with snort. So
I'm not sure my patch can not have some side-effects.

That said, the problem seems to be in Select() in
src/output-plugins/spo_database.c , in the portion of the function used with
the mysql db (I did not examine other dbs' code).
This function makes a SQL SELECT and, upon success, returns the fetched
value converted to integer. When it encounters an error, it returns 0.
But, as a special case, when the query was successful but did not yield any
row, it returns 1. There is no distinction whether the "1" returned was
because the value "1" was fetched from the DB, or simply the DB did not
return any row.
As a consequence, when this code is executed:

    data->shared->sid = Select(select_sensor_id,data);
    if(data->shared->sid == 0)
    {
        Insert(insert_into_sensor,data);

the Select() returns 1, and the Insert() is never done.
So the sensor table remains empty.

My patch is just as simple as:

# diff -ubB spo_database.c.orig spo_database.c
--- spo_database.c.orig      2009-04-13 16:03:49.000000000 +0200
+++ spo_database.c   2009-04-13 15:59:53.000000000 +0200
@@ -2798,6 +2798,14 @@
                     {
                         result = atoi(data->m_row[0]);
                     }
+                    else
+                    {
+                        result = 0;
+                    }
+                }
+                else
+                {
+                    result = 0;
                 }
             }
             mysql_free_result(data->m_result);
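
Review bot: both added else branches assign result = 0, the same value the description says Select() returns on a query error, so after this change the caller's data->shared->sid == 0 test cannot tell an empty sensor table from a failed SELECT and will attempt the Insert() in either case. Consider setting result to 0 once before the nested checks instead of adding two else branches, and reporting the no-row case through a separate status or a log message. Note also that atoi(data->m_row[0]) yields 0 for non-numeric text, and that the description says only the MySQL path was examined, so the other database branches of Select() may need the same change.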

I simply return 0 (false) if the query was technically successful, but no
result was found.


Also worked for me, thanks!
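
The return-value ambiguity described in the quoted message, as an added example that is not code from the thread or from Snort: it models Select() before and after the patch and the caller's `sid == 0` check. The `result_set` struct, the sample data, and the names `select_before`, `select_after` and `would_insert_sensor` are hypothetical stand-ins so the example runs without MySQL.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a MySQL result set with one text column. */
struct result_set { const char *const *rows; int nrows; };

static const char *const ONE_ROW[] = { "1" };
static const struct result_set EMPTY = { NULL, 0 };        /* fresh install */
static const struct result_set EXISTING = { ONE_ROW, 1 };  /* sid 1 stored */

/* Model of the behaviour the message describes: 0 on error, but 1 when
 * the query succeeds and yields no row. */
static int select_before(const struct result_set *rs)
{
    int result = 1;
    if (rs == NULL)
        return 0;                          /* query failed */
    if (rs->nrows > 0 && rs->rows[0] != NULL)
        result = atoi(rs->rows[0]);
    return result;
}

/* Model of the patched behaviour: no row (or a NULL column) gives 0. */
static int select_after(const struct result_set *rs)
{
    int result = 0;
    if (rs == NULL)
        return 0;
    if (rs->nrows > 0 && rs->rows[0] != NULL)
        result = atoi(rs->rows[0]);
    return result;
}

/* Mirrors the caller's "if (sid == 0) Insert(...)" decision.
 * Returns 1 when the sensor row would be inserted. */
static int would_insert_sensor(int (*select_fn)(const struct result_set *),
                               const struct result_set *rs)
{
    return select_fn(rs) == 0;
}

int main(void)
{
    printf("empty table, before: insert=%d\n", would_insert_sensor(select_before, &EMPTY));
    printf("empty table, after:  insert=%d\n", would_insert_sensor(select_after, &EMPTY));
    printf("sid 1 stored, after: insert=%d\n", would_insert_sensor(select_after, &EXISTING));
    return 0;
}
```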


