|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] Bug(?): mysql reserved name usage
From: Wes Young (wcyoung
buffalo.edu)
Date: Thu Sep 22 2005 - 08:01:20 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I thought we brought this up back in june?
(http://archives.neohapsis.com/archives/snort/2005-06/0132.html)
Has no one fixed it yet??
kliaaennetscape.net wrote:
> Hello
>
> [Please bear in mind that I'm not much of a programmer and that if this issue has been addressed already I'm just too thick to find it:)]
>
> After upgrading to Snort 2.4.1 I discovered that when starting Snort it would die with a message about an incorrect DB schema version.
> I deleted and re-created the database and when importing the SQL from schemas/create_mysql the database choked on a syntax error in the script. According to [http://dev.mysql.com/doc/mysql/en/reserved-words.html] the word SCHEMA is reserved and must be enclosed in quotes to be used.
>
> This is solved by changing the syntax in schemas/create_mysql from "CREATE TABLE schema (...)" to "CREATE TABLE `schema` (...)" on line 23 and "INSERT INTO schema (...)" to "INSERT INTO `schema` (...)" on line 26.
>
> To make Snort recognize the schema version it must be told to correctly quote the query on the schema table. There are already exceptions made for MS SQL in src/output-plugins/spo_database.c around line 1915.
> I made the following addition at line 1933 (after the default schema query syntax) in the function CheckDBVersion(DatabaseData * data):
> ---
> if (data->shared->dbtype_id == DB_MYSQL)
> {
> snprintf(select0,MAX_QUERY_LENGTH,
> "SELECT vseq"
> " FROM `schema`");
> }
> ---
>
> This overwrites the SQL query if the database is Mysql.
> By making these simple changes Snort compiles cleanly and runs without problems.
>
> I'm sure the Snort developers/maintainers can make a more suitable fix than the one I've outlined above.
>
> Cheers!
>
> __________________________________________________________________
> Switch to Netscape Internet Service.
> As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
>
> Netscape. Just the Net You Need.
>
> New! Netscape Toolbar for Internet Explorer
> Search from anywhere on the Web and block those annoying pop-ups.
> Download now at http://channels.netscape.com/ns/search/install.jsp
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by:
> Tame your development challenges with Apache's Geronimo App Server. Download
> it for free - -and be entered to win a 42" plasma tv or your very own
> Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
--
Wes Young
Network Security Analyst
University at Buffalo
-----------------------------------------------
| My Security Blog: | http://tinyurl.com/9av4k |
| My RSS: | http://tinyurl.com/ceopv |
| My Life: | http://tinyurl.com/l18g |
-----------------------------------------------
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]