Re: [Snort-users] Error on postgresql logging

From: Dilan Arumainathan (dilan.atelus.net)
Date: Wed Jul 02 2003 - 00:55:50 CDT


Frank,
I just rechecked my configs and it was actually set to odbc instead of
postgresql and still this error shows up.

output database: log, odbc, dbname=snort user=<removed> password=<removed>

This only complicates things, but if I am using odbc should I still have
postgresql support built in?

thanks
dilan

----- Original Message -----
From: "Frank Knobbe" <fknobbeknobbeits.com>
To: "Dilan" <dilan.atelus.net>
Cc: <snort-userslists.sourceforge.net>
Sent: Monday, June 30, 2003 4:47 PM
Subject: [spam] Re: [Snort-users] Error on postgresql logging

On Mon, 2003-06-30 at 17:01, Dilan wrote:
>> Hi,
>> I have just setup Snort 2.0 with Postgresql 7.3 running on WinXP. Although
>> Snort starts and runs without a problem when it tries to log to the database
>> the following error shows up in the postgresql log.
>>
>> ERROR: Bad timestamp external representation '2003-06-30 21:21:13-77838'
>> WARNING: ROLLBACK: no transaction in progress
>>
>> I have tried a "select '2003-06-30 21:21:13'::timestamp" in psql and it works
>> fine but as soon as I add the -77838 part it fails. I have tried starting snort
>> with and without -U option and it still tries to log the time in the above
>> format. Is there a way to fix this?
>>

>The timestamp format should be yyyy-mm-dd hh:mm:ss.micr-tz. After the
>seconds should be a dot before the microseconds. That's at least the
>Postgres time stamp which I believe adheres to ISO-8601 specs. You have
>listed a - which is wrong. At the very end is a dash followed by the
>timezone. Your timestamp looks like a MS SQL specific implementation...

>Ah.. while reviewing the code, it looks like you might be using a
>version of Snort that was written for MS SQL, not Postgres. Try the
>Postgres version of Snort. You may have to compile one yourself (dunno
>if Michael offers Postgres on the WinSnort web site).

>Regards,
>Frank
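
An added example, not part of the original thread or of Snort: a small Python triage script that pulls rejected timestamp literals out of a PostgreSQL log and checks them against the yyyy-mm-dd hh:mm:ss.micr-tz layout described in the reply above. The sample log lines are constructed from the error quoted in the thread, the function names are hypothetical, and the patterns are a simplified check rather than PostgreSQL's own parser; reading the trailing number as a microsecond count is an assumption.

```python
import re

# Constructed sample, modelled on the PostgreSQL log excerpt quoted in the thread.
SAMPLE_LOG = """\
ERROR: Bad timestamp external representation '2003-06-30 21:21:13-77838'
WARNING: ROLLBACK: no transaction in progress
ERROR: Bad timestamp external representation '2003-06-30 21:21'
"""

ERR_RE = re.compile(r"Bad timestamp external representation '([^']*)'")

# Layout described in the thread: yyyy-mm-dd hh:mm:ss[.micr][+/-tz]
TS_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
    r"(?:\.\d{1,6})?(?:[+-]\d{2}(?::?\d{2})?)?$"
)

# A valid date and time followed by '-' and a number too long to be an offset
# (5 or 6 digits). Shorter numbers are ambiguous and are not rewritten.
MISPLACED_FRAC_RE = re.compile(r"^(.{19})-(\d{5,6})$")


def diagnose(literal):
    """Return (verdict, detail) for one timestamp literal."""
    if TS_RE.match(literal):
        return ("ok", literal)
    m = MISPLACED_FRAC_RE.match(literal)
    if m and TS_RE.match(m.group(1)):
        # Assumption: the number is a microsecond count, so zero-pad to 6 digits.
        return ("sign-before-fraction", f"{m.group(1)}.{int(m.group(2)):06d}")
    return ("unrecognised", literal)


def scan(log_text):
    """Yield (literal, verdict, detail) for each rejected timestamp in the log."""
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if m:
            yield (m.group(1),) + diagnose(m.group(1))


if __name__ == "__main__":
    for literal, verdict, detail in scan(SAMPLE_LOG):
        print(f"{literal!r}: {verdict} -> {detail}")
```

A "sign-before-fraction" verdict points at the writer side (the Snort output plugin build or driver formatting the value), not at the database.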
