From: Addam Schroll (addam_at_purdue.edu)
Date: Fri Oct 04 2002 - 16:12:13 CDT
The Snort database schema was modified about a month ago in the 1.9
branch. The DB inserts may be failing when it attempts to mess with the
new last_cid field. Try upgrading your schema to v106. That may solve
your problem. The instructions for upgrading follow.

From the Changelog:

2002-09-03 Roman Danyliw <roman danyliw.com>
    * src/output-plugin/spo_database.c
      - DB schema v106
      - Added the sensor.last_cid field to the schema so the
        database can store the last used cid for a given sensor.
        This field will ensure that a cid will never be reused.

        Upgrading from v105 -> v106 is as simple as:
          mysql> ALTER TABLE sensor ADD last_cid INT UNSIGNED NOT NULL;
          mysql> UPDATE schema SET vseq=106;

          psql> ALTER TABLE sensor ADD last_cid INT8;
          psql> UPDATE schema SET vseq=106;

Addam
On Fri, 2002-10-04 at 15:14, Beckett, Josh wrote:
> Ok...I was excited by the announcement of 1.9 and went and did a dumb
> thing...upgraded right on a production box. I did my initial setup
> using the doc from the snort website "Snort Installation Manual: Snort,
> MySQL and ACID on RedHat 7.3" (great doc, btw).
>
> Everything went fine relative to the upgrade, etc. Compiled fine, used
> the new conf file and "current" rules set. Snort seems to be running
> fine, but doesn't seem to want to log to ACID-MySQL. As a
> troubleshooting measure, I set "log to file" on as well as log to db, I
> can see alerts going into a file, but not the db. I've even gone and
> blown away the db's and re-set them up, using the steps outlined in the
> paper. Still no joy.
>
> I've triple checked the snort.conf file for silly things, like bad rules
> path, bad db password and user name and everything seems to be
> fine...still no alerts in the db, but alerts pop up in the file. I've
> even checked the configure.log to make sure that I compiled with the
> --with-mysql switch...good there.
>
> Any other places to check, where I might be having a problem?
>
> Thanks,
> Josh
_______________________________________________
Snort-users mailing list
Snort-users
lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
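
An added example, not part of the original message or of Snort: a pre-flight check and a re-runnable form of the v105 -> v106 step from the Changelog, which also repairs a half-applied upgrade (column added but vseq not bumped, or the reverse). It uses Python's sqlite3 as an offline stand-in for MySQL/PostgreSQL with a constructed two-table subset of the schema; the function names, the sample rows and the DEFAULT 0 (SQLite requires a default when adding a NOT NULL column) are assumptions.

```python
import sqlite3

TARGET_VSEQ = 106  # schema version named in the Changelog entry


def make_v105_db():
    """Constructed, minimal stand-in for a v105 Snort database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE schema (vseq INTEGER NOT NULL, ctime TEXT NOT NULL);
        INSERT INTO schema VALUES (105, '2002-10-04 15:14:00');
        CREATE TABLE sensor (sid INTEGER PRIMARY KEY,
                             hostname TEXT, interface TEXT);
        INSERT INTO sensor (hostname, interface)
            VALUES ('ids1.example', 'eth0');
    """)
    return conn


def schema_state(conn):
    """Return (vseq, has_last_cid) so a mismatch is visible before upgrading."""
    vseq = conn.execute("SELECT vseq FROM schema").fetchall()[0][0]
    # PRAGMA table_info is SQLite-specific; row[1] is the column name.
    cols = [row[1] for row in conn.execute("PRAGMA table_info(sensor)")]
    return vseq, "last_cid" in cols


def upgrade_to_v106(conn):
    """Apply only the missing parts of v105 -> v106; return what was done."""
    vseq, has_col = schema_state(conn)
    if vseq not in (105, TARGET_VSEQ):
        raise ValueError(f"unexpected schema version {vseq}")
    actions = []
    with conn:  # commits on success, rolls back if a statement fails
        conn.execute("BEGIN")
        if not has_col:
            conn.execute(
                "ALTER TABLE sensor ADD last_cid INTEGER NOT NULL DEFAULT 0")
            actions.append("added sensor.last_cid")
        if vseq != TARGET_VSEQ:
            conn.execute("UPDATE schema SET vseq = ?", (TARGET_VSEQ,))
            actions.append("set vseq=106")
    return actions


if __name__ == "__main__":
    db = make_v105_db()
    print(schema_state(db), upgrade_to_v106(db), schema_state(db))
```

On MySQL, ALTER TABLE commits implicitly, so the two statements are not atomic there; checking the state first is what makes a re-run safe.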