[Snort-users] Snort Sensors + logging to MSSQL

shreerang vaidya shreerang at ...8006...
Thu Jan 16 04:20:03 EST 2003


Hi Paulo,

Thank you for the response.

Do you have any suggestions regarding pulling data off a MySQL server sitting on a Unix host from a Windows system? We tried using MyODBC but it does not work.

This is the path we would like to follow:

snort ---> MySQL ---> some kind of ODBC provider to MySQL ---> ADO to VB/ASP.

Hope to get somewhere with this.


Thank You,
Shree.



---------- Original Message ----------------------------------
From: "Paulo Filipe Mira" <paulo.mira at ...5092...>
Reply-To: paulo.mira at ...5092...
Date: Thu, 16 Jan 2003 11:34:44 -0000

>Last time I checked, snort didn't have native support for MSSQL, and
>you had to let unixodbc handle the data. So first of all, you had to set up
>unixodbc. unixodbc itself needs a driver to be able to talk to MSSQL.
>
>I set up a driver called FreeTDS, which comes with a good set of
>utilities for communicating with MSSQL, including one called isql, which
>is a command line client similar to osql for Win. I was able to log on to
>the DB using isql, and issue some queries to the DB, and apparently all was
>working fine.
>The schema for what you are trying to do is this:
>
>snort ---> unixodbc ---> (some TDS driver) ---> MSSQL
>
>However, I was never able to make snort log data to the MSSQL DB:
>it failed on the very first query, when it queried the DB for the
>sensors' names. You should search snort-users' archives for my post
>to the list describing the errors I got. Search for 'mssql freetds'
>on the subject.
>
>All this was back in the 1.8.6/1.8.7 days, so things might have changed
>since then. I resorted to using mysql, and haven't tried MSSQL since then.
>
>Good luck, and let us know if you get somewhere.
>
>Paulo Filipe Mira
>SA
>Soquimica
>paulo dot mira at soquimica dot pt
>
>
>
>> -----Original Message-----
>> From: snort-users-admin at lists.sourceforge.net
>> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of shreerang
>> vaidya
>> Sent: Wednesday, 15 January 2003 12:38
>> To: snort-users at lists.sourceforge.net
>> Subject: [Snort-users] Snort Sensors + logging to MSSQL
>> 
>> 
>> Hi,
>> 
>> I am running a couple of snort sensors on redhat 8.0 nodes.
>> I need to log all alerts and data to a central server running 
>> WindoZe and MSSQL 2000.
>> 
>> I have edited the snort.conf file to enable the necessary 
>> changes to log to the MSSQL server.
>> 
>> The SQL database has been configured and the necessary 
>> database had been created.
>> 
>> Do I need to run/enable anything else in order to log to the 
>> SQL server?
>> 
>> 
>> 
>> Thank You,
>> Shree.