[Snort-devel] Mysql output on mysql (PATCH included)

A/S ScanNet - Dan Faerch dan at ...2754...
Wed Apr 27 06:18:39 EDT 2005


Problem with using the database-output plugin with newer mysqld's.

I use "mysql-standard-5.0.2"..
Ive just compiled snort 2.3.3 and problem is still there.

Problem:
---------------------------------------
On run:
mysql_error: You have an error in your SQL syntax; check the manual that 
corresponds to your MySQL server version for the right syntax to use 
near 'schema' at line 1
database: schema version = 0

Reason:
---------------------------------------
schema is now aparently a reserved word in mysql..

Quick Patch:
---------------------------------------
--- src/output-plugins/spo_database.c.old  Tue Apr 26 13:35:52 2005
+++ src/output-plugins/spo_database.c   Tue Apr 26 13:36:08 2005
@@ -1909,6 +1909,13 @@
    }
    else
 #endif
+   if (data->shared->dbtype_id == DB_MYSQL)
+   {
+      snprintf(select0, MAX_QUERY_LENGTH,
+                "SELECT vseq "
+                "FROM `schema`");
+   }
+   else
    {
       snprintf(select0, MAX_QUERY_LENGTH,
                "SELECT vseq "



Longterm Solution (the-right-way(tm)):
---------------------------------------
Globally define what table and fieldnames shall be inclosed in.
eg.
MYSQL = `%s`
MSSQL = [%s]

(this is a SHOULD do, not a WILL do ;))

Im not on the mailing list, so bear with me if this has already been 
adressed.. Also CC my emailadress if you wish to contact me..

-- 
Med venlig hilsen

Dan Faerch
dan at ...2754...
Tlf. 75 53 35 00

ScanNet Group
A/S ScanNet





More information about the Snort-devel mailing list