[Snort-users] " Problem obtaining SENSOR ID", unable to start snort/access postgres

Eli Stair eli.stair at ...5343...
Mon Oct 14 10:37:04 EDT 2002


I'm having an issue getting snort to start logging to a postgresql 7.2 database.
Being only my second snort install, the first being a simple (and problem-free)
MySQL install I'm a little stumped.  I've tracked the archives, and can't find 
any resolution for this, as it seems only one other person had this issue.
I'd like to have some input from the community to rule out any stupid mistakes
on my part before I bother reporting it to Jed.

After setting up the database, creating all structures, setting permissions on 
the snort user, verifying connectivity, password etc... when running snort it
cannot seem to set the sensor value.  Output from snort follows.  Any recom-
mendations on where to go with this?  Thanks all for your time and knowledge.

Cheers,

/eli

Linux 2.4.19, Mandrake 9.1, Snort 1.8.7 w/ postgresql+flexresp, postgres 7.2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
[root at ...6562... snort]# snort-postgresql+flexresp  -u snort -g snort -d -c /etc/snort/snort.conf
Log directory = /var/log/snort

Initializing Network Interface eth0

        --== Initializing Snort ==--
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD
database: compiled support for ( postgresql )
database: configured to use postgresql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = 12.219.134.40
database: postgresql_error: ERROR:  sensor_sid_seq.nextval: you don't have permissions to set sequence sensor_sid_seq

database: Problem obtaining SENSOR ID (sid) from postgresql->snort->sensor

 When this plugin starts, a SELECT query is run to find the sensor id for the
 currently running sensor. If the sensor id is not found, the plugin will run
 an INSERT query to insert the proper data and generate a new sensor id. Then a
 SELECT query is run to get the newly allocated sensor id. If that fails then
 this error message is generated.

 Some possible causes for this error are:
 * the user does not have proper INSERT or SELECT privileges
 * the sensor table does not exist

 If you are _absolutly_ certain that you have the proper privileges set and
 that your database structure is built properly please let me know if you
 continue to get this error. You can contact me at (jed at ...153...).





More information about the Snort-users mailing list