[Snort-users] Mysql 101 (ACID config)

Roman Danyliw roman at ...438...
Sun Oct 20 12:08:32 EDT 2002


Snort v1.9 requires DB schema v106.  It appears that your database has not been
upgraded.  Look in the Changelog for instructions for converting schema v105 -> v106.

Roman

On Sat, 19 Oct 2002 18:52:57 -0700, "Edward W. Ray" <ewray_home at ...7224...> wrote:

> I have tried installing the ACID, mysql, snort combo on my Red Hat Linux
> 7.3 box.  The Web page comes up fine; however, I cannot get snort to log
> to mysql.  The following error occurs when trying to run Snort in mysql
> logging mode:
> 
> [root at ...7225... .snortrc]# snort -U -d -c /root/.snortrc/snort.conf
> Initializing Output Plugins!
> Log directory = /var/log/snort
> 
> Initializing Network Interface eth0
> 
>         --== Initializing Snort ==--
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file /root/.snortrc/snort.conf
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> No arguments to frag2 directive, setting defaults to:
>     Fragment timeout: 60 seconds
>     Fragment memory cap: 4194304 bytes
>     Fragment min_ttl:   0
>     Fragment ttl_limit: 5
>     Fragment Problems: 0
> Stream4 config:
>     Stateful inspection: ACTIVE
>     Session statistics: INACTIVE
>     Session timeout: 30 seconds
>     Session memory cap: 8388608 bytes
>     State alerts: INACTIVE
>     Evasion alerts: INACTIVE
>     Scan alerts: ACTIVE
>     Log Flushed Streams: INACTIVE
>     MinTTL: 1
>     TTL Limit: 5
>     Async Link: 0
> No arguments to stream4_reassemble, setting defaults:
>      Reassemble client: ACTIVE
>      Reassemble server: INACTIVE
>      Reassemble ports: 21 23 25 53 80 143 110 111 513
>      Reassembly alerts: ACTIVE
>      Reassembly method: FAVOR_OLD
> http_decode arguments:
>     Unicode decoding
>     IIS alternate Unicode decoding
>     IIS double encoding vuln
>     Flip backslash to slash
>     Include additional whitespace separators
>     Ports to decode http on: 80 
> rpc_decode arguments:
>     Ports to decode RPC on: 111 32771 
> telnet_decode arguments:
>     Ports to decode telnet on: 21 23 25 119 
> Using GMT time
> Conversation Config:
>    KeepStats: 0
>    Conv Count: 32000
>    Timeout   : 60
>    Alert Odd?: 0
>    Allowed IP Protocols:  All
> 
> Portscan2 config:
>     log: /var/log/snort/scan.log
>     scanners_max: 3200
>     targets_max: 5000
>     target_limit: 5
>     port_limit: 20
>     timeout: 60
> database: compiled support for ( mysql )
> database: configured to use mysql
> database:          user = snort
> database: password is set
> database: database name = snort
> database:          host = 000.000.000.000
> database:   sensor name = 192.168.1.102
> database:     sensor id = 1
> database: mysql_error: Unknown column 'last_cid' in 'field list'
> database: mysql_error: Unknown column 'last_cid' in 'field list'
> SQL=UPDATE sensor SET last_cid = 54 WHERE sid = 1
> database: inconsistent cid information for sid=1
>           Recovering by rolling forward the cid=54
> database: schema version = 105
> database: The underlying database seems to be running an older version of
>           the DB schema (current version=105, required minimum version= 106).
>
>           If you have an existing database with events logged by a previous
>           version of snort, this database must first be upgraded to the latest
>           schema (see the snort-users mailing list archive or DB plugin
>           documention for details).
>
>           If migrating old data is not desired, merely create a new instance
>           of the snort database using the appropriate DB creation script
>           (e.g. create_mysql, create_postgresql, create_oracle, create_mssql)
>           located in the contrib\ directory.
>
>           See the database documentation for cursory details (doc/README.database).
>           and the URL to the most recent database plugin documentation.
> Fatal Error, Quitting..
> 
> I have tried to create a new instance of the snort database, and I get
> the following error:
> 
> [root at ...7225... root]# mysql -u root -p
> Enter password: 
> Welcome to the MySQL monitor.  Commands end with ; or \g.
> Your MySQL connection id is 27 to server version: 3.23.52
> 
> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
> 
> mysql> connect snort
> Reading table information for completion of table and column names
> You can turn off this feature to get a quicker startup with -A
> 
> Connection id:    28
> Current database: snort
> 
> mysql> source create_mysql
> ERROR: 
> Failed to open file 'create_mysql', error: 2
> mysql> source /home/create_mysql
> mysql: Error reading file '/home/create_mysql' (Errcode: 21)
> mysql> source create_mysql
> ERROR: 
> Failed to open file 'create_mysql', error: 2
> mysql> exit
> Bye
> 
> I figure the issue is with mysql, but any help would be greatly
> appreciated.
> 
> 
> Regards,
> 
> Edward W. Ray
> 
> 
> 
> 
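The diagnostics in the two console sessions quoted above can be read mechanically. The following is an added example, not part of the thread and not Snort or MySQL code: `triage` and its finding names are hypothetical, the sample lines are copied from the quoted output, and the numeric codes in the `mysql` client messages are interpreted as OS errno values.

```python
import errno
import re

# Constructed sample: lines copied from the two console sessions quoted above.
SAMPLE = """\
database: mysql_error: Unknown column 'last_cid' in 'field list'
SQL=UPDATE sensor SET last_cid = 54 WHERE sid = 1
database: schema version = 105
          the DB schema (current version=105, required minimum version= 106).
Failed to open file 'create_mysql', error: 2
mysql: Error reading file '/home/create_mysql' (Errcode: 21)
"""

SCHEMA_RE = re.compile(r"current version=\s*(\d+), required minimum version=\s*(\d+)")
COLUMN_RE = re.compile(r"mysql_error: Unknown column '([^']+)'")
FILE_RE = re.compile(r"file '([^']+)'.*?(?:error|Errcode): (\d+)")


def triage(text):
    """Return a list of (kind, detail) findings from Snort/mysql console output."""
    findings = []
    # Rejoin e-mail-wrapped (and '>'-quoted) lines so "version=\n> 106" still matches.
    flat = re.sub(r"\s*\n[> ]*", " ", text)

    m = SCHEMA_RE.search(flat)
    if m:
        have, need = int(m.group(1)), int(m.group(2))
        if have < need:
            # The sensor refuses to start until the schema is upgraded or recreated.
            findings.append(("schema_too_old", f"v{have} < required v{need}"))

    # Columns the newer plugin expects but the old schema lacks (deduplicated).
    for col in sorted(set(COLUMN_RE.findall(flat))):
        findings.append(("missing_column", col))

    # mysql client 'source' failures: map the numeric code to its errno name.
    for path, code in FILE_RE.findall(text):
        name = errno.errorcode.get(int(code), code)
        findings.append(("file_error", f"{path}: {name}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:15} {detail}")
```

ENOENT on a relative name means the file is not in the directory the `mysql` client was started from; EISDIR means the path given is a directory rather than the script itself.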



