[Snort-users] Snort 1.9.0 on Windows and MSSQL

Jarret Gibson jarret at ...7313...
Fri Oct 25 12:02:35 EDT 2002


MessageI switched down to the 1.8.7 build with MS SQL support on Silicon Defense's site and managed to get everything up and running on my system.  Never could figure out how to compile one of the 1.9 betas with MS SQL support using Visual C++, though. 

The latest ACID version is up and running with my setup, as well.  I'm noticing, though, that ACID is reporting much MUCH fewer alerts than I was getting with the 1.9 versions doing basic directory logging and SnortSnarf.

Any reason for this?  Maybe the rule set needs to be updated?

Jarret Gibson

  ----- Original Message ----- 
  From: Steve Pearson 
  To: snort-users at lists.sourceforge.net 
  Sent: Thursday, October 24, 2002 9:04 PM
  Subject: RE: [Snort-users] Snort 1.9.0 on Windows and MSSQL


  This is the identical symptoms I had, too, so I suspect it is a problem with the compiled release of Snort 1.9. I went back to 1.8.x and it fixed the problem.

  Steve

    -----Original Message-----
    From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Robbins, Mark
    Sent: Thursday, October 24, 2002 11:44 AM
    To: snort-users at lists.sourceforge.net
    Subject: [Snort-users] Snort 1.9.0 on Windows and MSSQL


    Has anyone gotten Snort 1.9.0 to log to an MSSQL database with the available (compiled) executables? 

    I am getting the error message 

    database: SQL Server message 156, state 1, severity 15:
    Incorrect syntax near the keyword 'schema'. 
    database: The above error was caused by the following statement:
    SELECT vseq FROM schema 

    In MSSQL, schema is a reserved word, and the syntax would have to be SELECT vseq FROM [schema] for this to work. I have used previous versions of snort to log to MSSQL with no difficulty.

    Could this problem arise from a configuration mistake I have made, or is the problem in snort.exe itself? 

    Thanks for any help you can provide. 

    Mark Robbins 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20021025/d0890606/attachment.html>


More information about the Snort-users mailing list