OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Ronneil Camara (ronneilcremingtonltd.com)
Date: Thu Feb 21 2002 - 23:25:14 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    This is weird. When I run snort, it is able to populate the sensor table in microsoft mssql via odbc.
    Btw, my snort is on a separate box, freebsd and sql is on MsSQL.

    Now, I couldn't tell where the problem is coming from.

    I tested isql -v snort-dns snortadmin password then executed
    SELECT sid FROM sensor WHERE hostname = '192.168.0.115' AND interface = 'fxp0' AND detail = '1' AND encoding = '0' AND filter IS NULL

    It gave me a table which contains the sid number.

    This means that snortadmin account has a select perms. I also tried
    insert into sensor(hostname) values ('192.168.0.120') and I was able
    to insert it. So this means, that I don't have any permission problems
    like what this link is telling us. http://www.incident.org/snortdb/ item #4

    There must be something wrong with snort's database functionality.

    Upon reading this link, http://www.easysoft.com/products/2002/snort.phtml
    It says that spo_database.c contains an error and snorts need to be patched.
    Problem is, I couldn't find the patch.

    Do you guys have any idea on how to fix this error?

    Please help.

    Thanks in advance.

    Neil

    ----snip------
    database: compiled support for ( odbc )
    database: configured to use odbc
    database: user = snortadmin
    database: password is set
    database: database name = snortdb
    database: sensor name = 192.168.0.115
    query = SELECT sid FROM sensor WHERE hostname = '192.168.0.115' AND interface = 'fxp0' AND detail = '1' AND encoding = '0' AND filter IS NULL
    query = INSERT INTO sensor (hostname, interface, detail, encoding) VALUES ('192.168.0.115','fxp0','1','0')
    query = SELECT sid FROM sensor WHERE hostname = '192.168.0.115' AND interface = 'fxp0' AND detail = '1' AND encoding = '0' AND filter IS NULL
    database: Problem obtaining SENSOR ID (sid) from odbc->snortdb->sensor

     When this plugin starts, a SELECT query is run to find the sensor id for the
     currently running sensor. If the sensor id is not found, the plugin will run
     an INSERT query to insert the proper data and generate a new sensor id. Then a
     SELECT query is run to get the newly allocated sensor id. If that fails then
     this error message is generated.
    ------snip-----

    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users