Snort mailing list archives
Re: v2.8.4 incorrect logging to MySQL
From: Stephen Reese <rsreese () gmail com>
Date: Sat, 11 Apr 2009 18:11:29 -0400
On Sat, Apr 11, 2009 at 3:16 PM, Matt Watchinski <mwatchinski () sourcefire com> wrote:
Turn on mysql query logging and see if snort is trying to insert to those tables. It doesn't look like much changed in spo_database.c Cheers, -matt
Here's a couple of queries from a ping that Snort picked up on. There are still no values appearing in the signature or sensor tables.

22 Query INSERT INTO data (sid,cid,data_payload) VALUES (1,80,'9614E149E973090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
22 Query BEGIN
22 Query SELECT sig_id FROM signature WHERE sig_name = 'ICMP PING' AND sig_rev = 5 AND sig_sid = 384 AND sig_gid = 1
22 Query INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 81, 1, '2009-04-11 18:07:20')
22 Query INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES (1,81,8,0,63192,44111,2)
22 Query INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES (1,81,2886730504,2886730242,4,5,0,84,0,0,0,63,1,56958)
22 Query INSERT INTO data (sid,cid,data_payload) VALUES (1,81,'9614E149E973090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
090411 18:07:21 22 Query BEGIN
22 Query SELECT sig_id FROM signature WHERE sig_name = 'ICMP PING BSDtype' AND sig_rev = 6 AND sig_sid = 368 AND sig_gid = 1
22 Query INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 82, 1, '2009-04-11 18:07:21')
22 Query INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES (1,82,8,0,45018,44111,3)
22 Query INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES (1,82,2886730504,2886730242,4,5,0,84,0,0,0,64,1,56702)
22 Query INSERT INTO data (sid,cid,data_payload) VALUES (1,82,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
22 Query BEGIN
22 Query SELECT sig_id FROM signature WHERE sig_name = 'ICMP PING *NIX' AND sig_rev = 7 AND sig_sid = 366 AND sig_gid = 1
22 Query INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 83, 1, '2009-04-11 18:07:21')
22 Query INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES (1,83,8,0,45018,44111,3)
22 Query INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES (1,83,2886730504,2886730242,4,5,0,84,0,0,0,64,1,56702)
22 Query INSERT INTO data (sid,cid,data_payload) VALUES (1,83,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
22 Query BEGIN
22 Query SELECT sig_id FROM signature WHERE sig_name = 'ICMP PING' AND sig_rev = 5 AND sig_sid = 384 AND sig_gid = 1
22 Query INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 84, 1, '2009-04-11 18:07:21')
22 Query INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES (1,84,8,0,45018,44111,3)
22 Query INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES (1,84,2886730504,2886730242,4,5,0,84,0,0,0,64,1,56702)
22 Query INSERT INTO data (sid,cid,data_payload) VALUES (1,84,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
22 Query BEGIN
22 Query SELECT sig_id FROM signature WHERE sig_name = 'ICMP PING BSDtype' AND sig_rev = 6 AND sig_sid = 368 AND sig_gid = 1
22 Query INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 85, 1, '2009-04-11 18:07:21')
22 Query INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES (1,85,8,0,45018,44111,3)
22 Query INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES (1,85,2886730504,2886730242,4,5,0,84,0,0,0,63,1,56958)
22 Query INSERT INTO data (sid,cid,data_payload) VALUES (1,85,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
22 Query BEGIN
22 Query SELECT sig_id FROM signature WHERE sig_name = 'ICMP PING *NIX' AND sig_rev = 7 AND sig_sid = 366 AND sig_gid = 1
22 Query INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 86, 1, '2009-04-11 18:07:21')
22 Query INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES (1,86,8,0,45018,44111,3)
22 Query INSERT INTO iphdr (sid, cid, ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES (1,86,2886730504,2886730242,4,5,0,84,0,0,0,63,1,56958)
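As an added example (not code from the thread or from Snort), a small Python audit that reads a MySQL general query log in the format pasted above and flags event rows committed in a transaction where the output plugin looked a signature up but never inserted it. The sample log is constructed here from the shape of the paste, the function and key names are my own, and the signature table is assumed empty unless you pass its existing sig_id values.

```python
import re

# Constructed excerpt in MySQL general-log format, modelled on the paste above:
# one SELECT on signature per event, no INSERT INTO signature, event.signature = 1.
SAMPLE_LOG = """\
22 Query BEGIN
22 Query SELECT sig_id FROM signature WHERE sig_name = 'ICMP PING' AND sig_rev = 5 AND sig_sid = 384 AND sig_gid = 1
22 Query INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 81, 1, '2009-04-11 18:07:20')
22 Query COMMIT
090411 18:07:21 22 Query BEGIN
22 Query SELECT sig_id FROM signature WHERE sig_name = 'ICMP PING BSDtype' AND sig_rev = 6 AND sig_sid = 368 AND sig_gid = 1
22 Query INSERT INTO event (sid,cid,signature,timestamp) VALUES (1, 82, 1, '2009-04-11 18:07:21')
22 Query COMMIT
"""

# General-log line: optional "YYMMDD HH:MM:SS", connection id, "Query", statement.
QUERY_RE = re.compile(r"^(?:\d{6} \d\d:\d\d:\d\d\s+)?(\d+)\s+Query\s+(.*)$")
SIG_SELECT_RE = re.compile(
    r"SELECT sig_id FROM signature WHERE sig_name = '([^']*)' AND sig_rev = (\d+)"
    r" AND sig_sid = (\d+) AND sig_gid = (\d+)")
SIG_INSERT_RE = re.compile(r"INSERT INTO signature\b")
EVENT_RE = re.compile(
    r"INSERT INTO event \(sid,cid,signature,timestamp\) VALUES \((\d+), (\d+), (\d+),")


def audit(log_text, existing_sig_ids=frozenset()):
    """Return one finding per event whose referenced sig_id was neither present in
    the signature table before the run nor inserted in the event's own transaction."""
    findings = []
    looked_up, inserted_sig = None, False
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue
        q = m.group(2)
        if q == "BEGIN":                      # new transaction: reset per-event state
            looked_up, inserted_sig = None, False
        elif SIG_SELECT_RE.search(q):
            s = SIG_SELECT_RE.search(q)
            looked_up = {"name": s.group(1), "rev": int(s.group(2)),
                         "sig_sid": int(s.group(3)), "gid": int(s.group(4))}
        elif SIG_INSERT_RE.search(q):
            inserted_sig = True
        else:
            e = EVENT_RE.search(q)
            if e and looked_up and not inserted_sig:
                sig_ref = int(e.group(3))
                if sig_ref not in existing_sig_ids:   # dangling event.signature
                    findings.append({"cid": int(e.group(2)), "signature": sig_ref, **looked_up})
    return findings
```

Run it over the real general log (with `existing_sig_ids` filled from `SELECT sig_id FROM signature`) and an empty result means every event's signature row exists; on the paste above every event is reported.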
Current thread:
- v2.8.4 incorrect logging to MySQL Danny Paul (Apr 10)
- Re: v2.8.4 incorrect logging to MySQL JJ Cummings (Apr 10)
- Re: v2.8.4 incorrect logging to MySQL Danny Paul (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Stephen Reese (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Danny Paul (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Stephen Reese (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Stephen Reese (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Matt Watchinski (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Stephen Reese (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Danny Paul (Apr 13)
- Re: v2.8.4 incorrect logging to MySQL James Lay (Apr 13)
- Re: v2.8.4 incorrect logging to MySQL Joel Esler (Apr 13)
- Message not available
- Re: v2.8.4 incorrect logging to MySQL Joel Esler (Apr 13)
- Message not available
- Re: v2.8.4 incorrect logging to MySQL Joel Esler (Apr 13)
- Message not available
- Re: v2.8.4 incorrect logging to MySQL Joel Esler (Apr 13)
- Re: v2.8.4 incorrect logging to MySQL Danny Paul (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL JJ Cummings (Apr 10)
- Message not available
- Re: v2.8.4 incorrect logging to MySQL Joel Esler (Apr 13)
- Re: v2.8.4 incorrect logging to MySQL Matt Watchinski (Apr 13)
- R: v2.8.4 incorrect logging to MySQL: PATCH snortml (Apr 13)
- Re: R: v2.8.4 incorrect logging to MySQL: PATCH Todd Wease (Apr 13)