[Snort-users] ODBC+TDS woes

Paul Schmehl pauls at ...6838...
Mon Apr 14 08:48:04 EDT 2003


Why don't you use the nice instructions written by Keith Tokash?
http://www.snort.org/docs/

I'm not sure why you're trying to use FreeTDS and UnixODBC.  You don't need 
them.  Just use the ports of snort and mysql with aodbc if you want to use 
ACID.  Works fine for me.

--On Monday, April 14, 2003 09:51:21 AM -0400 Jeff <jeffi at ...1364...> wrote:

> Hello,
>
>    I have seen a handful of messages along a similar vein to this,
> without much successful follow-up. I can only hope that this turns out
> differently.
>
> (background)
> FreeBSD 4.7
> Snort 1.9.1
> FreeTDS 0.61
> unixODBC 2.2.4
>
> I am trying to get snort to log to an MSSQL 2000 database via
> unixODBC+FreeTDS. Every single time snort quits on startup with the
> following:
>
> database: ODBC unable to connect
> Fatal Error, Quitting..
>
> Here are the relevant snort.conf line(s) that have been tested (carriage
> returns are not really there in the config):
>
> # output database: log, odbc, user=snort password=xxxx dbname=snort_log
> 	host=myserver sensor_name=dmz ignore_bpf=yes
> # output database: log, odbc, user=snort password=xxxx dbname=snort_log
> 	host=10.10.10.99 sensor_name=dmz ignore_bpf=yes
> output database: log, odbc, user=snort password=xxxx dbname=snort_log
> 	sensor_name=dmz
>
> Here is odbcinst.ini
>
> [FreeTDS]
> Description             = FreeTDS unixODBC Driver
> Driver          = /usr/local/lib/libtdsodbc.so
> FileUsage               = 1
>
> (note: odbc.ini is empty, but I have followed the directions here:
> 	http://www.unixodbc.org/doc/FreeTDS.html)
>
> freetds/interfaces:
>
> myserver
>         query tcp 7.0 10.10.10.99 1433
>
> freetds.conf:
>
> [myserver]
>         host = 10.10.10.99
>         port = 1433
>         tds version = 7.0
>
> ...
> I can connect to the database via the command-line "isql", and I have
> set up tcpdump to view the traffic when snort starts up, and I see no
> attempts at any sort of ODBC connection. I have compiled FreeTDS with
> both --with-tdsver=7.0 and --with-tdsver=4.2, with the same results. I
> am using the FreeBSD port and I have compiled the snort (1.9.1) port
> WITH_MYSQL and WITH_ODBC; FreeTDS is compiled WITH_UNIXODBC.
>
> As far as I can tell, there is no library problem, everything is linked
> correctly.
> /usr/local/bin/snort:
>         libz.so.2 => /usr/lib/libz.so.2
>         libpcap.so.2 => /usr/lib/libpcap.so.2
>         libm.so.2 => /usr/lib/libm.so.2
>         libmysqlclient.so.10 => /usr/local/lib/mysql/libmysqlclient.so.10
>         libodbc.so.1 => /usr/local/lib/libodbc.so.1
>         libc_r.so.4 => /usr/lib/libc_r.so.4
>         libcrypt.so.2 => /usr/lib/libcrypt.so.2
>         libc.so.4 => /usr/lib/libc.so.4
>         libiconv.so.3 => /usr/local/lib/libiconv.so.3
>
>
> Any insight on what may be causing it, or what needs to be done
> differently would be greatly appreciated.
>
> Thank you,
> Jeff
>
>



Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu



