[Snort-users] need help with MySQL tables

KTyson9426 at ...661... KTyson9426 at ...661...
Sat Sep 6 11:58:03 EDT 2003


Hello... And thanks to ANYONE that can offer me a little guidance with my 
problem.  I started installing snort 2 - 3 weeks ago when I bumped into my 
problem and have yet to get the snort installation completed.... And my boss is 
getting pretty aggravated and I think getting ready to deep 6 the idea of 
installing Snort on our network.

I've read threw everything I can get my hands on and have posted on the 
Google mailing.group.snort several times... And never even got a reply... So if 
anyone would be willing to help me, they would find an extremely grateful person 
on the other side of their PC.  If it's just a stupid question then I 
apologize... But I have read threw everything I can get my hands on and still can't 
figure this out...

For the most part my Snort 2.0 installation has been pretty painless. I got 
Snort itself installed and running and it was logging alerts to a flat file.... 
So the next step in my installation process was to to create the MySQL tables 
for the database logging (I'm planning on using ACID) and thats where 
everything ground down to a halt!!!

When I try to create the table "event", MySQL keeps barfing all over the 
"timestamp" column.  I keep getting parsing errors on the "timestamp" column.  
I've renamed this column and the create tablestatement will run fine.  

create table event (   sid   INT UNSIGNED NOT NULL,
                               cid   INT UNSIGNED NOT NULL,
                               signature INT UNSIGNED NOT NULL,
                               timestamp DATETIME NOT NULL,
             PRIMARY KEY (sid,cid),
             INDEX sig (signature),
             INDEX time (timestamp));

> mysql -u=root < create_mysql.sql 

> ERROR: parse error near 'timestamp DATETIME NOT NULL,
PRIMARY KEY (sid,cid),
INDEX sig (signature),
INDEX time (timestamp))'

Which totally has me baffled because I got the scripts to create the snort DB 
off the Syngress Snort 2.0 book.... Plus I found the same script in a 
different location (cvs.sourceforge.net)... So I completely expect them to work... 
I'm just not sure what's wrong. 

I posted something in a MySQL message board and I had a guy tell me that 
"timestamp" is a reserved word and that I can't use it.... So if "timestamp" is a 
reserved word and I'm not supposed to use it as a column name..... WTF???  
What do I do????  Can someone please respond and advise me how to handle 
this?!?!?!?!?!?!?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030906/55199ec7/attachment.html>


More information about the Snort-users mailing list