[Snort-users] need help with MySQL tables

Paul Schmehl pauls at ...6838...
Sat Sep 6 12:34:04 EDT 2003


Included in the source for snort is are scripts to create the tables you 
need with the correct values for each type of database that snort reports. 
The mysql script is named create_mysql.

You run it like this:
mysql -p snort < /path/to/create_msql

That should create the tables you need without you having to do it manually.

You *did* compile snort with mysql support, right??

--On Saturday, September 06, 2003 2:56 PM -0400 KTyson9426 at ...661... wrote:

> Hello... And thanks to ANYONE that can offer me a little guidance with my
> problem.  I started installing snort 2 - 3 weeks ago when I bumped into
> my problem and have yet to get the snort installation completed.... And
> my boss is getting pretty aggravated and I think getting ready to deep 6
> the idea of installing Snort on our network.
>
> I've read threw everything I can get my hands on and have posted on the
> Google mailing.group.snort several times... And never even got a reply...
> So if anyone would be willing to help me, they would find an extremely
> grateful person on the other side of their PC.  If it's just a stupid
> question then I apologize... But I have read threw everything I can get
> my hands on and still can't figure this out...
>
> For the most part my Snort 2.0 installation has been pretty painless. I
> got Snort itself installed and running and it was logging alerts to a
> flat file.... So the next step in my installation process was to to
> create the MySQL tables for the database logging (I'm planning on using
> ACID) and thats where everything ground down to a halt!!!
>
> When I try to create the table "event", MySQL keeps barfing all over the
> "timestamp" column.  I keep getting parsing errors on the "timestamp"
> column.  I've renamed this column and the create tablestatement will run
> fine.
>
> create table event (   sid   INT UNSIGNED NOT NULL,
>                                cid   INT UNSIGNED NOT NULL,
>                                signature INT UNSIGNED NOT NULL,
>                                timestamp DATETIME NOT NULL,
>              PRIMARY KEY (sid,cid),
>              INDEX sig (signature),
>              INDEX time (timestamp));
>
>> mysql -u=root < create_mysql.sql
>
>> ERROR: parse error near 'timestamp DATETIME NOT NULL,
> PRIMARY KEY (sid,cid),
> INDEX sig (signature),
> INDEX time (timestamp))'
>
> Which totally has me baffled because I got the scripts to create the
> snort DB off the Syngress Snort 2.0 book.... Plus I found the same script
> in a different location (cvs.sourceforge.net)... So I completely expect
> them to work... I'm just not sure what's wrong.
>
> I posted something in a MySQL message board and I had a guy tell me that
> "timestamp" is a reserved word and that I can't use it.... So if
> "timestamp" is a reserved word and I'm not supposed to use it as a column
> name..... WTF???  What do I do????  Can someone please respond and advise
> me how to handle this?!?!?!?!?!?!?



Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu




More information about the Snort-users mailing list