[Snort-devel] Silly snort 2.4.3 annoyance - missing DB name

Martin Olsson elof at ...969...
Tue Jan 24 06:22:01 EST 2006


On Tue, 24 Jan 2006, Dirk Geschke wrote:
> > database output plugin:
> > output database: log, mysql, user=foo password=foo dbname=bar host=1.1.1.1 sensor_name=gazonk
> >
> > When the self test is exiting the following is printed:
> [...]
> > database: Closing connection to database ""     <-----------------
> > Snort exiting
> >
> > Shouldn't it print 'Closing connection to database "bar"' or something?
>
> no, this is not really a bug but a misinformation. The test mode ends
> before the output plugins are activated. So there was not a connection
> to the database at all.

Oh, yes there must be a database connection in testmode:

database: compiled support for ( mysql )
database: configured to use mysql
database:          user = foo
database: password is set
database: database name = bar
database:          host = 1.1.1.1
database:   sensor name = gazonk
database:     sensor id = 2             <--------
database: schema version = 106
database: using the "log" facility

If no connection is made, where does the sensor id come from?


> But if you are trying to check the syntax of your config
> file on a central machine before installing it on remote sensors
> this could lead to strange results. Think of one snort process
> which is already connected to the database whith this sensor
> name.

No, I'm running the test on the sensor itself. :-)

/Martin





More information about the Snort-devel mailing list