Snort mailing list archives
Re: v2.8.4 incorrect logging to MySQL
From: Stephen Reese <rsreese () gmail com>
Date: Sat, 11 Apr 2009 18:11:29 -0400
On Sat, Apr 11, 2009 at 3:16 PM, Matt Watchinski <mwatchinski () sourcefire com> wrote:
Turn on mysql query logging and see if snort its trying to insert to those tables. It doesn't looks like much changed in spo_database.c Cheers, -matt
Here's a couple of queries from a ping that Snort picked up on. There
are still no values appearing in the signature or sensor tables.
22 Query INSERT INTO data
(sid,cid,data_payload) VALUES
(1,80,'9614E149E973090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
22 Query BEGIN
22 Query SELECT sig_id FROM signature
WHERE sig_name = 'ICMP PING' AND sig_rev = 5 AND sig_sid = 384
AND sig_gid = 1
22 Query INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 81, 1, '2009-04-11 18:07:20')
22 Query INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,81,8,0,63192,44111,2)
22 Query INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id,
ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES
(1,81,2886730504,2886730242,4,5,0,84,0,0,0,63,1,56958)
22 Query INSERT INTO data
(sid,cid,data_payload) VALUES
(1,81,'9614E149E973090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
090411 18:07:21 22 Query BEGIN
22 Query SELECT sig_id FROM signature
WHERE sig_name = 'ICMP PING BSDtype' AND sig_rev = 6 AND sig_sid
= 368 AND sig_gid = 1
22 Query INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 82, 1, '2009-04-11 18:07:21')
22 Query INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,82,8,0,45018,44111,3)
22 Query INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id,
ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES
(1,82,2886730504,2886730242,4,5,0,84,0,0,0,64,1,56702)
22 Query INSERT INTO data
(sid,cid,data_payload) VALUES
(1,82,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
22 Query BEGIN
22 Query SELECT sig_id FROM signature
WHERE sig_name = 'ICMP PING *NIX' AND sig_rev = 7 AND sig_sid =
366 AND sig_gid = 1
22 Query INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 83, 1, '2009-04-11 18:07:21')
22 Query INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,83,8,0,45018,44111,3)
22 Query INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id,
ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES
(1,83,2886730504,2886730242,4,5,0,84,0,0,0,64,1,56702)
22 Query INSERT INTO data
(sid,cid,data_payload) VALUES
(1,83,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
22 Query BEGIN
22 Query SELECT sig_id FROM signature
WHERE sig_name = 'ICMP PING' AND sig_rev = 5 AND sig_sid = 384
AND sig_gid = 1
22 Query INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 84, 1, '2009-04-11 18:07:21')
22 Query INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,84,8,0,45018,44111,3)
22 Query INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id,
ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES
(1,84,2886730504,2886730242,4,5,0,84,0,0,0,64,1,56702)
22 Query INSERT INTO data
(sid,cid,data_payload) VALUES
(1,84,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
22 Query BEGIN
22 Query SELECT sig_id FROM signature
WHERE sig_name = 'ICMP PING BSDtype' AND sig_rev = 6 AND sig_sid
= 368 AND sig_gid = 1
22 Query INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 85, 1, '2009-04-11 18:07:21')
22 Query INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,85,8,0,45018,44111,3)
22 Query INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id,
ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES
(1,85,2886730504,2886730242,4,5,0,84,0,0,0,63,1,56958)
22 Query INSERT INTO data
(sid,cid,data_payload) VALUES
(1,85,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
22 Query COMMIT
22 Query BEGIN
22 Query SELECT sig_id FROM signature
WHERE sig_name = 'ICMP PING *NIX' AND sig_rev = 7 AND sig_sid =
366 AND sig_gid = 1
22 Query INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 86, 1, '2009-04-11 18:07:21')
22 Query INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,86,8,0,45018,44111,3)
22 Query INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen, ip_tos, ip_len, ip_id,
ip_flags, ip_off, ip_ttl, ip_proto, ip_csum) VALUES
(1,86,2886730504,2886730242,4,5,0,84,0,0,0,63,1,56958)
------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- v2.8.4 incorrect logging to MySQL Danny Paul (Apr 10)
- Re: v2.8.4 incorrect logging to MySQL JJ Cummings (Apr 10)
- Re: v2.8.4 incorrect logging to MySQL Danny Paul (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Stephen Reese (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Danny Paul (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Stephen Reese (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Stephen Reese (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Matt Watchinski (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Stephen Reese (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL Danny Paul (Apr 13)
- Re: v2.8.4 incorrect logging to MySQL James Lay (Apr 13)
- Re: v2.8.4 incorrect logging to MySQL Joel Esler (Apr 13)
- Message not available
- Re: v2.8.4 incorrect logging to MySQL Joel Esler (Apr 13)
- Message not available
- Re: v2.8.4 incorrect logging to MySQL Joel Esler (Apr 13)
- Message not available
- Re: v2.8.4 incorrect logging to MySQL Joel Esler (Apr 13)
- Re: v2.8.4 incorrect logging to MySQL Danny Paul (Apr 11)
- Re: v2.8.4 incorrect logging to MySQL JJ Cummings (Apr 10)
- Message not available
- Re: v2.8.4 incorrect logging to MySQL Joel Esler (Apr 13)
- Re: v2.8.4 incorrect logging to MySQL Matt Watchinski (Apr 13)
- R: v2.8.4 incorrect logging to MySQL: PATCH snortml (Apr 13)
- Re: R: v2.8.4 incorrect logging to MySQL: PATCH Todd Wease (Apr 13)