[Snort-users] " Problem obtaining SENSOR ID", unable to start snort/access postgres
eli.stair at ...5343...
Mon Oct 14 10:37:04 EDT 2002
I'm having an issue getting snort to start logging to a postgresql 7.2 database.
Being only my second snort install, the first being a simple (and problem-free)
MySQL install I'm a little stumped. I've tracked the archives, and can't find
any resolution for this, as it seems only one other person had this issue.
I'd like to have some input from the community to rule out any stupid mistakes
on my part before I bother reporting it to Jed.
After setting up the database, creating all structures, setting permissions on
the snort user, verifying connectivity, password etc... when running snort it
cannot seem to set the sensor value. Output from snort follows. Any recom-
mendations on where to go with this? Thanks all for your time and knowledge.
Linux 2.4.19, Mandrake 9.1, Snort 1.8.7 w/ postgresql+flexresp, postgres 7.2
[root at ...6562... snort]# snort-postgresql+flexresp -u snort -g snort -d -c /etc/snort/snort.conf
Log directory = /var/log/snort
Initializing Network Interface eth0
--== Initializing Snort ==--
Decoding Ethernet on interface eth0
Initializating Output Plugins!
Parsing Rules file /etc/snort/snort.conf
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
Fragment timeout: 60 seconds
Fragment memory cap: 4194304 bytes
Fragment min_ttl: 0
Fragment ttl_limit: 5
Fragment Problems: 0
Stateful inspection: ACTIVE
Session statistics: INACTIVE
Session timeout: 30 seconds
Session memory cap: 8388608 bytes
State alerts: INACTIVE
Evasion alerts: INACTIVE
Scan alerts: ACTIVE
Log Flushed Streams: INACTIVE
TTL Limit: 5
No arguments to stream4_reassemble, setting defaults:
Reassemble client: ACTIVE
Reassemble server: INACTIVE
Reassemble ports: 21 23 25 53 80 143 110 111 513
Reassembly alerts: ACTIVE
Reassembly method: FAVOR_OLD
database: compiled support for ( postgresql )
database: configured to use postgresql
database: user = snort
database: password is set
database: database name = snort
database: host = localhost
database: sensor name = 184.108.40.206
database: postgresql_error: ERROR: sensor_sid_seq.nextval: you don't have permissions to set sequence sensor_sid_seq
database: Problem obtaining SENSOR ID (sid) from postgresql->snort->sensor
When this plugin starts, a SELECT query is run to find the sensor id for the
currently running sensor. If the sensor id is not found, the plugin will run
an INSERT query to insert the proper data and generate a new sensor id. Then a
SELECT query is run to get the newly allocated sensor id. If that fails then
this error message is generated.
Some possible causes for this error are:
* the user does not have proper INSERT or SELECT privileges
* the sensor table does not exist
If you are _absolutly_ certain that you have the proper privileges set and
that your database structure is built properly please let me know if you
continue to get this error. You can contact me at (jed at ...153...).
More information about the Snort-users