[Snort-users] Database issue (Snort 1.8.4, FreeTDS .53, UnixODBC, M$ SQL 7)

Steve Scott sjscott007 at ...741...
Sun Feb 17 11:55:04 EST 2002


Hi Onie,

    I am using Redhat 7.2 for the sensors and obviously Windows 2000 running
MSSQL 7.0.  Compiling has not been an issue for me.

Snort: ./configure --with-unixodbc, make, make install
FreeTDS: ./configure --with-tdsver=7.0 --with-unixodbc=/usr/include
unixodbc: I just downloaded the RPMs.

In your case, it sounds like it can't find the header files for unixodbc.  I
don't have my documentation with me right now but I think they're in
/usr/include.
So compile with --with-tdsver=7.0 --with-unixodbc=/usr/include.  If this is
not the case, put a bogus directory in the --with-unixodbc option at compile
time and it should complain it can't find something like sql.h.  Search for
those files and then use that directory.

Hope this helps...

My problem is when snort starts it populates the sensor table to identify
itself, but when it queries the information back it bombs out.  Very
strange, considering I can run the same query from isql and it works fine.
I tried both TDS versions 4.2 and 7.0 with the exact same result.  I have a
feeling when snort is querying the database, the format it receives is not
what snort is expecting.

Steve


----- Original Message -----
From: "Onie Camara" <neil at ...4898...>
To: "Steve Scott" <sjscott007 at ...4968...>
Sent: Thursday, February 14, 2002 1:10 AM
Subject: Re: [Snort-users] Database issue (Snort 1.8.4, FreeTDS .53,
UnixODBC, M$ SQL 7)


> Hi Steve,
>
> I have successfully compiled and installed freetds and unixodbc in FreeBSD.
> What operating system did you use?
>
> I tried it on openbsd, I couldn't make isql work properly. Would you help
> me on your procedure on how you installed unixodbc and freetds.
>
> What were the parameters you included when you ran configure in freetds?
> Mine is like this,
> ./configure --with-tdsver=7.0 --with-unixodbc=/usr/local
> then gmake && gmake install
>
> Btw, my problem in openbsd and freebsd was
> undefined symbol in /usr/local/lib/libtdsodbc.so: g_str_equal
> This happens if I am going to compile from the source. Versions are
> freetds-0.53 and unixodbc-2.2.0
>
> It became successful, in freebsd, when I used the
> /usr/ports/databases/freetds.
>
> So, would you help me compile from the source?
>
> Thanks in advance.
>
> Onie
>
> ----- Original Message -----
> From: "Steve Scott" <sjscott007 at ...4968...>
> To: <Snort-users at lists.sourceforge.net>
> Sent: Wednesday, February 13, 2002 10:04 AM
> Subject: [Snort-users] Database issue (Snort 1.8.4, FreeTDS .53, UnixODBC,
> M$ SQL 7)
>
>
> > Hello,
> >
> > I am trying to use snort with a M$ SQL 7 database.  I have the
> > following installed: Snort 1.8.4, FreeTDS .53, UnixODBC and M$ SQL 7.
> > The problem is when snort starts it registers the sensor to the database
> > successfully (aka. puts a row in the sensor table), but when it tries to
> > query the information back it fails.  Also, when I issue the same
> > query (and using the same account) from isql it is returned
> > successfully.  Does anyone have any ideas?  Below is the error that is
> > generated when I run Snort.
> >
> > Thanks,
> >
> > Steve
> >
> >
> > Snort - Output
> > ---------------------------------------------------------------------------
> > query = SELECT sid FROM sensor WHERE hostname =
> > 'obeone.xxx.xx.xxxxxxxx.com:eth1
> > ' AND interface = 'eth1' AND detail = '1' AND encoding = '0' AND filter
> > IS NULL
> > query = INSERT INTO sensor (hostname, interface, detail, encoding)
> > VALUES ('obeone.xxx.xxx.xxxxxxxx.com:eth1
> > ','eth1','1','0')
> > query = SELECT sid FROM sensor WHERE hostname =
> > 'obeone.xxx.xx.xxxxxxxx.com:eth1
> > ' AND interface = 'eth1' AND detail = '1' AND encoding = '0' AND filter
> > IS NULL
> > database: Problem obtaining SENSOR ID (sid) from odbc->Snort->sensor
> >
> >  When this plugin starts, a SELECT query is run to find the sensor id
> > for the
> >  currently running sensor. If the sensor id is not found, the plugin
> > will run
> >  an INSERT query to insert the proper data and generate a new sensor id.
> > Then a
> >  SELECT query is run to get the newly allocated sensor id. If that fails
> > then
> >  this error message is generated.
> >
> >  Some possible causes for this error are:
> >  * the user does not have proper INSERT or SELECT privileges
> >  * the sensor table does not exist
> >
> >  If you are _absolutly_ certain that you have the proper privileges set
> > and
> >  that your database structure is built properly please let me know if
> > you
> >  continue to get this error
> >
> > Fatal Error, Quitting..
> > ---------------------------------------------------------------------------
> >
> > Snort.conf
> > ---------------------------------------------------------------------------
> > output database: log, odbc, dbname=Snort user:snort password:cccccc
> >
> >
>
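
The SELECT, INSERT, SELECT sequence that the quoted Snort error text describes, as an added example that is not part of the original thread and not Snort's own code. It uses Python's sqlite3 as a stand-in for the ODBC/MSSQL backend; the column types, the `backend` hook and the sample sensor values are assumptions made for the sketch, and `explain_mismatch` shows one way to see why a row that was inserted is not found again.

```python
import sqlite3

INSERTED = ("hostname", "interface", "detail", "encoding")  # columns in the quoted INSERT
COMPARED = INSERTED + ("filter",)                            # columns in the quoted SELECT

def open_db():
    db = sqlite3.connect(":memory:")
    # Only the columns named in the quoted queries; column types are assumptions.
    db.execute("CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, "
               "interface TEXT, detail TEXT, encoding TEXT, filter TEXT)")
    return db

def lookup_sid(db, want):
    # Same WHERE shape as the quoted query: '=' for values, IS NULL for None.
    clauses = [f"{c} IS NULL" if want[c] is None else f"{c} = ?" for c in COMPARED]
    args = [want[c] for c in COMPARED if want[c] is not None]
    row = db.execute("SELECT sid FROM sensor WHERE " + " AND ".join(clauses),
                     args).fetchone()
    return row[0] if row else None

def register_sensor(db, want, backend=lambda v: v):
    """SELECT; INSERT if absent; SELECT again. `backend` (hypothetical hook)
    models whatever the driver or server does to a value before storing it."""
    sid = lookup_sid(db, want)
    if sid is None:
        db.execute("INSERT INTO sensor (hostname, interface, detail, encoding) "
                   "VALUES (?, ?, ?, ?)", [backend(want[c]) for c in INSERTED])
        sid = lookup_sid(db, want)  # None here is the "Problem obtaining SENSOR ID" case
    return sid

def explain_mismatch(db, want):
    """Per stored row, the columns whose stored value differs from the value
    the SELECT compares against, as {column: (wanted, stored)}."""
    report = []
    cols = ", ".join(COMPARED)
    for sid, *stored in db.execute(f"SELECT sid, {cols} FROM sensor"):
        diffs = {c: (want[c], got) for c, got in zip(COMPARED, stored)
                 if got != want[c]}
        report.append((sid, diffs))
    return report

# Constructed sample sensor, not the poster's host.
WANT = {"hostname": "sensor1.example.com:eth1", "interface": "eth1",
        "detail": "1", "encoding": "0", "filter": None}
```

Passing a `backend` that alters a value (for example `str.rstrip` with a hostname that ends in whitespace) reproduces the symptom in the thread: the row is inserted, the second SELECT returns nothing, and `explain_mismatch` names the column that differs.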