[Snort-users] need help with MySQL tables

L. Christopher Luther CLuther at ...6333...
Mon Sep 8 21:02:06 EDT 2003


Silly question:  Are you sure you're not attempting to create the Snort/ACID
database on a MS SQL server?  "Timestamp" is a reserved word in MS SQL and
mixing the MySQL scripts w/ the MS SQL scripts would cause problems.

- Christopher 


-----Original Message-----
From: Christopher E. Cramer [mailto:chris.cramer at ...799...]
Sent: Saturday, September 06, 2003 5:19 PM
To: KTyson9426 at ...661...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] need help with MySQL tables



what version of mysql are you using?  the table create command you cite 
works for me under mysql 3.23.56.  

-c


On Sat, 6 Sep 2003, Paul Schmehl wrote:

> Included in the source for snort are scripts to create the tables you
> need with the correct values for each type of database that snort reports.
>
> The mysql script is named create_mysql.
>
> You run it like this:
> mysql -p snort < /path/to/create_mysql
>
> That should create the tables you need without you having to do it
> manually.
> 
> You *did* compile snort with mysql support, right??
> 
> --On Saturday, September 06, 2003 2:56 PM -0400 KTyson9426 at ...661... wrote:
> 
> > Hello... And thanks to ANYONE that can offer me a little guidance with my
> > problem.  I started installing snort 2 - 3 weeks ago when I bumped into
> > my problem and have yet to get the snort installation completed.... And
> > my boss is getting pretty aggravated and I think getting ready to deep 6
> > the idea of installing Snort on our network.
> >
> > I've read through everything I can get my hands on and have posted on the
> > Google mailing.group.snort several times... And never even got a reply...
> > So if anyone would be willing to help me, they would find an extremely
> > grateful person on the other side of their PC.  If it's just a stupid
> > question then I apologize... But I have read through everything I can get
> > my hands on and still can't figure this out...
> >
> > For the most part my Snort 2.0 installation has been pretty painless. I
> > got Snort itself installed and running and it was logging alerts to a
> > flat file.... So the next step in my installation process was to
> > create the MySQL tables for the database logging (I'm planning on using
> > ACID) and that's where everything ground down to a halt!!!
> >
> > When I try to create the table "event", MySQL keeps barfing all over the
> > "timestamp" column.  I keep getting parsing errors on the "timestamp"
> > column.  I've renamed this column and the create table statement will run
> > fine.
> >
> > create table event (   sid   INT UNSIGNED NOT NULL,
> >                                cid   INT UNSIGNED NOT NULL,
> >                                signature INT UNSIGNED NOT NULL,
> >                                timestamp DATETIME NOT NULL,
> >              PRIMARY KEY (sid,cid),
> >              INDEX sig (signature),
> >              INDEX time (timestamp));
> >
> >> mysql -u=root < create_mysql.sql
> >
> >> ERROR: parse error near 'timestamp DATETIME NOT NULL,
> > PRIMARY KEY (sid,cid),
> > INDEX sig (signature),
> > INDEX time (timestamp))'
> >
> > Which totally has me baffled because I got the scripts to create the
> > snort DB off the Syngress Snort 2.0 book.... Plus I found the same script
> > in a different location (cvs.sourceforge.net)... So I completely expect
> > them to work... I'm just not sure what's wrong.
> >
> > I posted something in a MySQL message board and I had a guy tell me that
> > "timestamp" is a reserved word and that I can't use it.... So if
> > "timestamp" is a reserved word and I'm not supposed to use it as a column
> > name..... WTF???  What do I do????  Can someone please respond and advise
> > me how to handle this?!?!?!?!?!?!?
> 
> 
> 
> Paul Schmehl (pauls at ...6838...)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
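
The possibility raised at the top of this thread, that MySQL and MS SQL schema scripts were mixed, can be checked mechanically before a script is loaded. The following is an added example, not part of the original thread or of the Snort distribution: it flags constructs that only one of the two dialects accepts. The marker lists are general SQL facts, the function names are hypothetical, and the MS SQL sample is constructed for illustration.

```python
import re

# Constructs accepted by only one dialect (general SQL facts, not derived
# from Snort's own schema scripts).
MYSQL_ONLY = {
    "UNSIGNED integer type": re.compile(r"\bUNSIGNED\b", re.I),
    "AUTO_INCREMENT column": re.compile(r"\bAUTO_INCREMENT\b", re.I),
    "backtick-quoted identifier": re.compile(r"`[^`\n]+`"),
}
MSSQL_ONLY = {
    "IDENTITY column": re.compile(r"\bIDENTITY\s*\(", re.I),
    "GO batch separator": re.compile(r"^\s*GO\s*$", re.I | re.M),
    "bracket-quoted identifier": re.compile(r"\[[A-Za-z_][\w ]*\]"),
}

def dialect_markers(sql):
    """Return (mysql_hits, mssql_hits): names of dialect-only constructs found."""
    body = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)   # drop block comments
    body = re.sub(r"(--|#).*$", "", body, flags=re.M)   # drop line comments
    mysql = sorted(n for n, rx in MYSQL_ONLY.items() if rx.search(body))
    mssql = sorted(n for n, rx in MSSQL_ONLY.items() if rx.search(body))
    return mysql, mssql

def classify(sql):
    """Label a schema script 'mysql', 'mssql', 'mixed' or 'unknown'."""
    mysql, mssql = dialect_markers(sql)
    if mysql and mssql:
        return "mixed"
    return "mysql" if mysql else "mssql" if mssql else "unknown"

# The CREATE TABLE statement quoted in the thread.
EVENT_DDL = """create table event ( sid INT UNSIGNED NOT NULL,
    cid INT UNSIGNED NOT NULL,
    signature INT UNSIGNED NOT NULL,
    timestamp DATETIME NOT NULL,
    PRIMARY KEY (sid,cid),
    INDEX sig (signature),
    INDEX time (timestamp));"""

# Constructed MS SQL style fragment (illustrative, not Snort's script).
MSSQL_SAMPLE = """CREATE TABLE [event] ( sid NUMERIC(10,0) NOT NULL,
    cid NUMERIC(10,0) NOT NULL,
    [timestamp] DATETIME NOT NULL,
    PRIMARY KEY (sid, cid))
GO"""

if __name__ == "__main__":
    for name, sql in [("thread DDL", EVENT_DDL), ("constructed", MSSQL_SAMPLE)]:
        print(name, "->", classify(sql), dialect_markers(sql))
```

A result of "mixed" for a single file means statements from both script families ended up in it; "mssql" for a file about to be piped into the mysql client means the wrong script was picked.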


