[Snort-users] Database issue (Snort 1.8.4, FreeTDS .53, UnixODBC, M$ SQL 7)

Onie Camara neil at ...4898...
Wed Feb 20 00:59:02 EST 2002


Hi Scott,

Actually, there is no problem with compilation and installation of freetds
and unixodbc.

My problem is when running isql. It shows "undefined symbol: g_str_equal".
This happened in my FreeBSD and OpenBSD setups. Also, this happens if I
compile and install freetds and unixodbc using the tarballs I've downloaded
from their respective sites.

I managed to make it work using FreeBSD's port (/usr/ports).
But still, I want to make it work using the source code I've downloaded, since
using the packages in OpenBSD still has the same behavior.

I've checked glib-config --cflags, glib-config --libs, nm and they are all
fine.

Another reason is, it's not always that I will install FreeBSD. It would
depend on what my client wants me to install.

Please help.

Thanks.


----- Original Message -----
From: "Steve Scott" <sjscott007 at ...741...>
To: "Onie Camara" <neil at ...4898...>;
<Snort-users at lists.sourceforge.net>
Sent: Sunday, February 17, 2002 1:54 PM
Subject: Re: [Snort-users] Database issue (Snort 1.8.4, FreeTDS .53,
UnixODBC, M$ SQL 7)


> Hi Onie,
>
>     I am using Redhat 7.2 for the sensors and obviously Windows 2000 running
> MSSQL 7.0.  Compiling has not been an issue for me.
>
> Snort: ./configure --with-unixodbc, make, make install
> FreeTDS: ./configure --with-tdsver=7.0 --with-unixodbc=/usr/include
> unixodbc: I just downloaded the RPM's.
>
> In your case, it sounds like it can't find the header files for unixodbc. I
> don't have my documentation with me right now but I think they're in
> /usr/include.
> So compile with --with-tdsver=7.0 --with-unixodbc=/usr/include.  If this is
> not the case, put a bogus directory in the --with-unixodbc option at compile
> time and it should complain it can find something like sql.h.  Search for
> those files and then use that directory.
>
> Hope this helps...
>
> My problem is when snort starts it populates the sensor table to identify
> itself, but when it queries the information back it bombs out.  Very
> strange, considering I can run the same query from isql and it works fine.
> I tried both TDS versions 4.2 and 7.0 with the exact same result.  I have a
> feeling when snort is querying the database, the format it receives is not
> what snort is expecting.
>
> Steve
>
>
> ----- Original Message -----
> From: "Onie Camara" <neil at ...4898...>
> To: "Steve Scott" <sjscott007 at ...4968...>
> Sent: Thursday, February 14, 2002 1:10 AM
> Subject: Re: [Snort-users] Database issue (Snort 1.8.4, FreeTDS .53,
> UnixODBC, M$ SQL 7)
>
>
> > Hi Steve,
> >
> > I have successfully compiled and installed freetds and unixodbc in FreeBSD.
> > What operating system did you use?
> >
> > I tried it on openbsd, I couldn't make isql work properly. Would you help me
> > with your procedure on how you installed unixodbc and freetds?
> >
> > What were the parameters you included when you ran configure in freetds?
> > Mine is like this,
> > ./configure --with-tdsver=7.0 --with-unixodbc=/usr/local
> > then gmake && gmake install
> >
> > Btw, my problem in openbsd and freebsd was
> > undefined symbol in /usr/local/lib/libtdsodbc.so: g_str_equal
> > This happens if I am going to compile from the source. Versions are
> > freetds-0.53 and unixodbc-2.2.0
> >
> > It became successful, in freebsd, when I used the
> > /usr/ports/databases/freetds.
> >
> > So, would you help me compile from the source?
> >
> > Thanks in advance.
> >
> > Onie
> >
> > ----- Original Message -----
> > From: "Steve Scott" <sjscott007 at ...4968...>
> > To: <Snort-users at lists.sourceforge.net>
> > Sent: Wednesday, February 13, 2002 10:04 AM
> > Subject: [Snort-users] Database issue (Snort 1.8.4, FreeTDS .53,
> > UnixODBC, M$ SQL 7)
> >
> >
> > > Hello,
> > >
> > > I am trying to use snort with a M$ SQL 7 database.  I have the
> > > following installed: Snort 1.8.4, FreeTDS .53, UnixODBC and M$ SQL 7.
> > > The problem is when snort starts it registers the sensor to the database
> > > successfully (aka. puts a row in the sensor table), but when it tries to
> > > query the information back it fails.  Also, when I issue the same
> > > query (and using the same account) from isql it is returned
> > > successfully.  Does anyone have any ideas?  Below is the error that is
> > > generated when I run Snort.
> > >
> > > Thanks,
> > >
> > > Steve
> > >
> > >
> > > Snort - Output
> > > ---------------------------------------------------------------------------------------
> > > query = SELECT sid FROM sensor WHERE hostname =
> > > 'obeone.xxx.xx.xxxxxxxx.com:eth1
> > > ' AND interface = 'eth1' AND detail = '1' AND encoding = '0' AND
> > > filter IS NULL
> > > query = INSERT INTO sensor (hostname, interface, detail, encoding)
> > > VALUES ('obeone.xxx.xxx.xxxxxxxx.com:eth1
> > > ','eth1','1','0')
> > > query = SELECT sid FROM sensor WHERE hostname =
> > > 'obeone.xxx.xx.xxxxxxxx.com:eth1
> > > ' AND interface = 'eth1' AND detail = '1' AND encoding = '0' AND
> > > filter IS NULL
> > > database: Problem obtaining SENSOR ID (sid) from odbc->Snort->sensor
> > >
> > >  When this plugin starts, a SELECT query is run to find the sensor id for the
> > >  currently running sensor. If the sensor id is not found, the plugin will run
> > >  an INSERT query to insert the proper data and generate a new sensor id. Then a
> > >  SELECT query is run to get the newly allocated sensor id. If that fails then
> > >  this error message is generated.
> > >
> > >  Some possible causes for this error are:
> > >  * the user does not have proper INSERT or SELECT privileges
> > >  * the sensor table does not exist
> > >
> > >  If you are _absolutly_ certain that you have the proper privileges set and
> > >  that your database structure is built properly please let me know if you
> > >  continue to get this error
> > >
> > > Fatal Error, Quitting..
> >
> > ------------------------------------------------------------------------
--
> > -----------
> > >
> > > Snort.conf
> >
>
> --------------------------------------------------------------------------
> > -----------
> > > output database: log, odbc, dbname=Snort user:snort password:cccccc
> > >
> > >
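
The SELECT, INSERT, SELECT sensor registration sequence described in the quoted Snort error text, as an added example that is not part of the original thread and is not Snort's code. It uses Python's sqlite3 in place of ODBC and MS SQL so it runs offline; the schema, the `open_db` and `register_sensor` helpers and the hostname are constructed, and the `DEFAULT ''` schema is only one hypothetical way to reach the "row inserted but not found" state, not a diagnosis of the failure reported above.

```python
import sqlite3

# Constructed schema: only the sensor columns named in the logged queries.
GOOD_SCHEMA = ("CREATE TABLE sensor (sid INTEGER PRIMARY KEY AUTOINCREMENT, "
               "hostname TEXT, interface TEXT, filter TEXT, "
               "detail INTEGER, encoding INTEGER)")
# Hypothetical variant: filter defaults to '', so a new row never has filter NULL.
DEFAULT_FILTER_SCHEMA = GOOD_SCHEMA.replace("filter TEXT", "filter TEXT DEFAULT ''")

# Same predicates as the logged queries, with bound parameters instead of literals.
SELECT_SID = ("SELECT sid FROM sensor WHERE hostname = ? AND interface = ? "
              "AND detail = ? AND encoding = ? AND filter IS NULL")
INSERT_SENSOR = ("INSERT INTO sensor (hostname, interface, detail, encoding) "
                 "VALUES (?, ?, ?, ?)")


def open_db(schema=None):
    """In-memory database; schema=None leaves the sensor table missing."""
    conn = sqlite3.connect(":memory:")
    if schema:
        conn.execute(schema)
    return conn


def register_sensor(conn, hostname, interface, detail=1, encoding=0):
    """Run SELECT / INSERT / SELECT and return (sid, diagnosis)."""
    key = (hostname, interface, detail, encoding)
    try:
        row = conn.execute(SELECT_SID, key).fetchone()
    except sqlite3.OperationalError as exc:   # e.g. the table does not exist
        return None, f"first SELECT failed: {exc}"
    if row:
        return row[0], "existing sensor row"
    try:
        conn.execute(INSERT_SENSOR, key)
        conn.commit()
    except sqlite3.Error as exc:              # e.g. writes are not permitted
        return None, f"INSERT failed: {exc}"
    row = conn.execute(SELECT_SID, key).fetchone()
    if row:
        return row[0], "new sensor row"
    # The row exists but the lookup predicate misses it: show what was stored.
    near = conn.execute("SELECT sid, filter FROM sensor WHERE hostname = ? "
                        "AND interface = ?", key[:2]).fetchall()
    return None, f"row inserted but not matched; stored (sid, filter): {near!r}"


if __name__ == "__main__":
    for name, schema in [("good", GOOD_SCHEMA), ("no table", None),
                         ("default filter", DEFAULT_FILTER_SCHEMA)]:
        print(name, register_sensor(open_db(schema), "sensor.example.com:eth1", "eth1"))
```

Comparing the stored row against each predicate of the lookup separates the two causes the error text lists (privileges, missing table) from the case where the INSERT succeeds and the follow-up SELECT still returns nothing.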