[Snort-users] Are there known bugs in the odbc output plugin WRT FreeTDS and unixODBC? (more debug info)

McCash, John John.McCash at ...10979...
Wed Apr 28 14:34:01 EDT 2004


I figured out how to turn on debugging in FreeTDS. Here is the debug information that's generated by it when I try to start up snort...


Starting log file for FreeTDS 0.62.3
        on 2004-04-28 16:18:26 with debug level 99.
names for ISO-8859-1: ISO-8859-1
names for UTF-8: UTF-8
names for UCS-2LE: UCS-2LE
names for UCS-2BE: UCS-2BE
iconv to convert client-side data to the "ISO-8859-1" character set
16:18:26.062866 tds_iconv_info_init: converting "ISO-8859-1"->"UCS-2LE"
16:18:26.063323 tds_iconv_info_init: converting "ISO-8859-1"->"UCS-2LE"
16:18:26.063411 Connecting to 10.3.20.63 port 1433, TDS 8.0.
16:18:26.064408 tds_put_string converting 28 bytes of "aopsecurityserver.andrew.com"
16:18:26.064562 tds_put_string wrote 56 bytes
16:18:26.064617 tds_put_string converting 5 bytes of "snort"
16:18:26.064670 tds_put_string wrote 10 bytes
16:18:26.064725 tds_put_string wrote 0 bytes
16:18:26.064774 tds_put_string converting 6 bytes of "SYBASE"
16:18:26.064826 tds_put_string wrote 12 bytes
16:18:26.064874 tds_put_string wrote 0 bytes
16:18:26.064921 tds_put_string converting 10 bytes of "us_english"
16:18:26.064974 tds_put_string wrote 20 bytes
16:18:26.065022 tds_put_string converting 5 bytes of "snort"
16:18:26.065075 tds_put_string wrote 10 bytes
16:18:26.065248 tds_process_login_tokens()
Received header @ 16:18:26.066296
0000 04 01 01 75 00 4b 01 00-                        |...u.K..|


Received packet @ 16:18:26.066414
0000 e3 19 00 01 05 73 00 6e-00 6f 00 72 00 74 00 06 |.....s.n .o.r.t..|
0010 6d 00 61 00 73 00 74 00-65 00 72 00 ab 64 00 45 |m.a.s.t. e.r..d.E|
0020 16 00 00 02 00 24 00 43-00 68 00 61 00 6e 00 67 |.....$.C .h.a.n.g|
0030 00 65 00 64 00 20 00 64-00 61 00 74 00 61 00 62 |.e.d. .d .a.t.a.b|
0040 00 61 00 73 00 65 00 20-00 63 00 6f 00 6e 00 74 |.a.s.e.  .c.o.n.t|
0050 00 65 00 78 00 74 00 20-00 74 00 6f 00 20 00 27 |.e.x.t.  .t.o. .'|
0060 00 73 00 6e 00 6f 00 72-00 74 00 27 00 2e 00 08 |.s.n.o.r .t.'....|
0070 41 00 4f 00 50 00 53 00-45 00 43 00 44 00 42 00 |A.O.P.S. E.C.D.B.|
0080 00 00 00 e3 08 00 07 05-09 04 d0 00 34 00 e3 17 |........ ....4...|
0090 00 02 0a 75 00 73 00 5f-00 65 00 6e 00 67 00 6c |...u.s._ .e.n.g.l|
00a0 00 69 00 73 00 68 00 00-ab 6a 00 47 16 00 00 01 |.i.s.h.. .j.G....|
00b0 00 27 00 43 00 68 00 61-00 6e 00 67 00 65 00 64 |.'.C.h.a .n.g.e.d|
00c0 00 20 00 6c 00 61 00 6e-00 67 00 75 00 61 00 67 |. .l.a.n .g.u.a.g|
00d0 00 65 00 20 00 73 00 65-00 74 00 74 00 69 00 6e |.e. .s.e .t.t.i.n|
00e0 00 67 00 20 00 74 00 6f-00 20 00 75 00 73 00 5f |.g. .t.o . .u.s._|
00f0 00 65 00 6e 00 67 00 6c-00 69 00 73 00 68 00 2e |.e.n.g.l .i.s.h..|
0100 00 08 41 00 4f 00 50 00-53 00 45 00 43 00 44 00 |..A.O.P. S.E.C.D.|
0110 42 00 00 00 00 ad 36 00-01 71 00 00 01 16 4d 00 |B.....6. .q....M.|
0120 69 00 63 00 72 00 6f 00-73 00 6f 00 66 00 74 00 |i.c.r.o. s.o.f.t.|
0130 20 00 53 00 51 00 4c 00-20 00 53 00 65 00 72 00 | .S.Q.L.  .S.e.r.|
0140 76 00 65 00 72 00 00 00-00 00 08 00 02 f8 e3 13 |v.e.r... ........|
0150 00 04 04 34 00 30 00 39-00 36 00 04 34 00 30 00 |...4.0.9 .6..4.0.|
0160 39 00 36 00 fd 00 00 00-00 00 00 00 00          |9.6..... .....|


16:18:26.067044 looking for login token, got  e3(ENVCHANGE)
16:18:26.067101 tds_process_default_tokens() marker is e3(ENVCHANGE)
tds_get_string: reading 10 from wire to give 5 to client.
tds_get_string: reading 12 from wire to give 6 to client.
16:18:26.067282 looking for login token, got  ab(INFO)
16:18:26.067333 tds_process_default_tokens() marker is ab(INFO)
tds_get_string: reading 72 from wire to give 36 to client.
tds_get_string: reading 16 from wire to give 8 to client.
16:18:26.067494 looking for login token, got  e3(ENVCHANGE)
16:18:26.067547 tds_process_default_tokens() marker is e3(ENVCHANGE)
16:18:26.068053 tds_iconv_info_init: converting "ISO-8859-1"->"CP1252"
16:18:26.068121 looking for login token, got  e3(ENVCHANGE)
16:18:26.068171 tds_process_default_tokens() marker is e3(ENVCHANGE)
tds_get_string: reading 20 from wire to give 10 to client.
16:18:26.068266 looking for login token, got  ab(INFO)
16:18:26.068317 tds_process_default_tokens() marker is ab(INFO)
tds_get_string: reading 78 from wire to give 39 to client.
tds_get_string: reading 16 from wire to give 8 to client.
16:18:26.068657 looking for login token, got  ad(LOGINACK)
tds_get_string: reading 44 from wire to give 22 to client.
16:18:26.071260 looking for login token, got  e3(ENVCHANGE)
16:18:26.071314 tds_process_default_tokens() marker is e3(ENVCHANGE)
tds_get_string: reading 8 from wire to give 4 to client.
tds_get_string: reading 8 from wire to give 4 to client.
16:18:26.071697 increasing block size from 4096 to 4096
16:18:26.071780 looking for login token, got  fd(DONE)
16:18:26.071834 tds_process_default_tokens() marker is fd(DONE)
16:18:26.071885 tds_process_end: more_results = 0
                was_cancelled = 0
                error = 0
                done_count_valid = 0
16:18:26.071941 tds_process_end() state set to TDS_IDLE
16:18:26.071987 leaving tds_process_login_tokens() returning 1
16:18:26.072065 tds_put_string converting 19 bytes of "set textsize 64512 "
16:18:26.072123 tds_put_string wrote 38 bytes
Sending packet @ 16:18:26.072174
0000 01 01 00 2e 00 00 01 00-73 00 65 00 74 00 20 00 |........ s.e.t. .|
0010 74 00 65 00 78 00 74 00-73 00 69 00 7a 00 65 00 |t.e.x.t. s.i.z.e.|
0020 20 00 36 00 34 00 35 00-31 00 32 00 20 00       | .6.4.5. 1.2. .|


Received header @ 16:18:26.072859
0000 04 01 00 11 00 4b 01 00-                        |.....K..|


Received packet @ 16:18:26.072979
0000 fd 00 00 be 00 00 00 00-00                      |........ .|


16:18:26.073089 processing result tokens.  marker is  fd(DONE)
16:18:26.073144 tds_process_end: more_results = 0
                was_cancelled = 0
                error = 0
                done_count_valid = 0
16:18:26.073201 tds_process_end() state set to TDS_IDLE
16:18:26.073247 tds_process_result_tokens() state is COMPLETED
SQLGetFunctions: fFunction is 1
SQLGetFunctions: fFunction is 2
SQLGetFunctions: fFunction is 1001
SQLGetFunctions: fFunction is 3
SQLGetFunctions: fFunction is 4
SQLGetFunctions: fFunction is 1002
SQLGetFunctions: fFunction is 72
SQLGetFunctions: fFunction is 5
SQLGetFunctions: fFunction is 1003
SQLGetFunctions: fFunction is 6
SQLGetFunctions: fFunction is 6
SQLGetFunctions: fFunction is 56
SQLGetFunctions: fFunction is 40
SQLGetFunctions: fFunction is 7
SQLGetFunctions: fFunction is 1004
SQLGetFunctions: fFunction is 8
SQLGetFunctions: fFunction is 9
SQLGetFunctions: fFunction is 41
SQLGetFunctions: fFunction is 1005
SQLGetFunctions: fFunction is 10
SQLGetFunctions: fFunction is 11
SQLGetFunctions: fFunction is 12
SQLGetFunctions: fFunction is 13
SQLGetFunctions: fFunction is 1021
SQLGetFunctions: fFunction is 60
SQLGetFunctions: fFunction is 15
SQLGetFunctions: fFunction is 1006
SQLGetFunctions: fFunction is 16
SQLGetFunctions: fFunction is 14
SQLGetFunctions: fFunction is 1007
SQLGetFunctions: fFunction is 42
SQLGetFunctions: fFunction is 17
SQLGetFunctions: fFunction is 43
SQLGetFunctions: fFunction is 1008
SQLGetFunctions: fFunction is 1009
SQLGetFunctions: fFunction is 1010
SQLGetFunctions: fFunction is 1012
SQLGetFunctions: fFunction is 44
SQLGetFunctions: fFunction is 45
SQLGetFunctions: fFunction is 1014
SQLGetFunctions: fFunction is 46
SQLGetFunctions: fFunction is 47
SQLGetFunctions: fFunction is 61
SQLGetFunctions: fFunction is 62
SQLGetFunctions: fFunction is 63
SQLGetFunctions: fFunction is 18
SQLGetFunctions: fFunction is 48
SQLGetFunctions: fFunction is 64
SQLGetFunctions: fFunction is 19
SQLGetFunctions: fFunction is 65
SQLGetFunctions: fFunction is 66
SQLGetFunctions: fFunction is 67
SQLGetFunctions: fFunction is 49
SQLGetFunctions: fFunction is 20
SQLGetFunctions: fFunction is 1016
SQLGetFunctions: fFunction is 50
SQLGetFunctions: fFunction is 21
SQLGetFunctions: fFunction is 1017
SQLGetFunctions: fFunction is 1018
SQLGetFunctions: fFunction is 1019
SQLGetFunctions: fFunction is 22
SQLGetFunctions: fFunction is 1020
SQLGetFunctions: fFunction is 51
SQLGetFunctions: fFunction is 52
SQLGetFunctions: fFunction is 53
SQLGetFunctions: fFunction is 70
SQLGetFunctions: fFunction is 54
SQLGetFunctions: fFunction is 23
SQLGetFunctions: fFunction is 1011
Creating prepared statement
Sending packet @ 16:18:26.076056
0000 03 01 01 76 00 00 01 00-ff ff 0b 00 00 00 00 01 |...v.... ........|
0010 26 04 00 00 00 63 00 00-00 00 09 04 d0 00 34 ff |&....c.. ......4.|
0020 ff ff ff 00 00 63 3c 01-00 00 09 04 d0 00 34 3c |.....c<. ......4<|
0030 01 00 00 53 00 45 00 4c-00 45 00 43 00 54 00 20 |...S.E.L .E.C.T. |
0040 00 73 00 69 00 64 00 20-00 20 00 20 00 46 00 52 |.s.i.d.  . . .F.R|
0050 00 4f 00 4d 00 20 00 73-00 65 00 6e 00 73 00 6f |.O.M. .s .e.n.s.o|
0060 00 72 00 20 00 20 00 57-00 48 00 45 00 52 00 45 |.r. . .W .H.E.R.E|
0070 00 20 00 68 00 6f 00 73-00 74 00 6e 00 61 00 6d |. .h.o.s .t.n.a.m|
0080 00 65 00 20 00 3d 00 20-00 27 00 31 00 30 00 2e |.e. .=.  .'.1.0..|
0090 00 32 00 2e 00 32 00 32-00 2e 00 31 00 27 00 20 |.2...2.2 ...1.'. |
00a0 00 20 00 20 00 20 00 41-00 4e 00 44 00 20 00 69 |. . . .A .N.D. .i|
00b0 00 6e 00 74 00 65 00 72-00 66 00 61 00 63 00 65 |.n.t.e.r .f.a.c.e|
00c0 00 20 00 3d 00 20 00 27-00 65 00 74 00 68 00 30 |. .=. .' .e.t.h.0|
00d0 00 27 00 20 00 20 00 20-00 20 00 41 00 4e 00 44 |.'. . .  . .A.N.D|
00e0 00 20 00 66 00 69 00 6c-00 74 00 65 00 72 00 20 |. .f.i.l .t.e.r. |
00f0 00 3d 00 27 00 6e 00 6f-00 74 00 20 00 68 00 6f |.=.'.n.o .t. .h.o|
0100 00 73 00 74 00 20 00 31-00 30 00 2e 00 32 00 2e |.s.t. .1 .0...2..|
0110 00 32 00 32 00 2e 00 31-00 27 00 20 00 20 00 20 |.2.2...1 .'. . . |
0120 00 20 00 41 00 4e 00 44-00 20 00 64 00 65 00 74 |. .A.N.D . .d.e.t|
0130 00 61 00 69 00 6c 00 20-00 3d 00 20 00 27 00 31 |.a.i.l.  .=. .'.1|
0140 00 27 00 20 00 20 00 20-00 20 00 41 00 4e 00 44 |.'. . .  . .A.N.D|
0150 00 20 00 65 00 6e 00 63-00 6f 00 64 00 69 00 6e |. .e.n.c .o.d.i.n|
0160 00 67 00 20 00 3d 00 20-00 27 00 30 00 27 00 00 |.g. .=.  .'.0.'..|
0170 00 38 01 00 00 00      -                        |.8....|


Received header @ 16:18:26.077504
0000 04 01 00 41 00 4b 01 00-                        |...A.K..|


Received packet @ 16:18:26.077668
0000 81 01 00 00 00 10 00 6c-11 0a 00 03 73 00 69 00 |.......l ....s.i.|
0010 64 00 ff 01 00 c1 00 00-00 00 00 79 00 00 00 00 |d....... ...y....|
0020 ac 0d 00 00 01 38 00 00-00 26 04 04 01 00 00 00 |.....8.. .&......|
0030 fe 00 00 e0 00 00 00 00-00                      |........ .|


16:18:26.077818 processing result tokens.  marker is  81(TDS7_RESULT)
tds_get_string: reading 6 from wire to give 3 to client.
16:18:26.078045 tds7_get_data_info:1451:
        colname = sid (3 bytes)
        type = 108 (numeric)
        server's type = 108 (numeric)
        column_varint_size = 1
        column_size = 17 (17 on server)
16:18:26.078128 processing result tokens.  marker is  ff(DONEINPROC)
16:18:26.078226 tds_process_end: more_results = 1
                was_cancelled = 0
                error = 0
                done_count_valid = 0
16:18:26.078287 processing result tokens.  marker is  79(RETURNSTATUS)
16:18:26.078337 processing result tokens.  marker is  ac(PARAM)
16:18:26.078386 processing parameters for sp 11
16:18:26.078433 calling tds_process_param_result
16:18:26.078486 processing result. type = 38(integer-null), varint_size 1
16:18:26.078539 processing result. column_size 4
16:18:26.078870 processing row.  column is 0 varint size = 1
16:18:26.078922 processing row.  column size is 4
16:18:26.078969 clearing column 0 NULL bit
16:18:26.079017 no of hidden return parameters 1
16:18:26.079068 processing result tokens.  marker is  fe(DONEPROC)
16:18:26.079120 tds_process_end: more_results = 0
                was_cancelled = 0
                error = 0
                done_count_valid = 0
16:18:26.079176 tds_process_end() state set to TDS_IDLE
16:18:26.079311 tds_process_result_tokens() state is COMPLETED
End prepare, execute
16:18:26.079378 tds_submit_execute()
Sending packet @ 16:18:26.079429
0000 03 01 00 27 00 00 01 00-0a 00 73 00 70 00 5f 00 |...'.... ..s.p._.|
0010 65 00 78 00 65 00 63 00-75 00 74 00 65 00 00 00 |e.x.e.c. u.t.e...|
0020 00 00 38 01 00 00 00   -                        |..8....|


Received header @ 16:18:26.080107
0000 04 01 00 31 00 4b 01 00-                        |...1.K..|


Received packet @ 16:18:26.080200
0000 81 01 00 00 00 10 00 6c-11 0a 00 03 73 00 69 00 |.......l ....s.i.|
0010 64 00 ff 11 00 c1 00 00-00 00 00 79 00 00 00 00 |d....... ...y....|
0020 fe 00 00 e0 00 00 00 00-00                      |........ .|


16:18:26.080319 processing result tokens.  marker is  81(TDS7_RESULT)
tds_get_string: reading 6 from wire to give 3 to client.
16:18:26.080494 tds7_get_data_info:1451:
        colname = sid (3 bytes)
        type = 108 (numeric)
        server's type = 108 (numeric)
        column_varint_size = 1
        column_size = 17 (17 on server)
16:18:26.080572 processing result tokens.  marker is  ff(DONEINPROC)
16:18:26.080624 tds_process_end: more_results = 1
                was_cancelled = 0
                error = 0
                done_count_valid = 1
16:18:26.080681                  rows_affected = 0
Creating prepared statement
tds_submit_query(): state is PENDING
16:18:26.080964 tds_client_msg: #20019: "Attempt to initiate a new SQL Server operation with results pending.".  Connection state is now 1.
Creating prepared statement
tds_submit_query(): state is PENDING
16:18:26.081263 tds_client_msg: #20019: "Attempt to initiate a new SQL Server operation with results pending.".  Connection state is now 1.













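A small triage script for a FreeTDS dump like the one above, added here as an example (it is not part of the original post and is not FreeTDS or Snort code): for each `tds_client_msg` error it reports the last result token processed and whether the connection had returned to `TDS_IDLE`. The `triage` function and the field names it returns are assumptions of this example; the `SAMPLE` lines are copied from the dump above with the hex dumps omitted.

```python
import re

# Lines copied from the FreeTDS dump above (hex dumps omitted for brevity).
SAMPLE = """\
16:18:26.079068 processing result tokens.  marker is  fe(DONEPROC)
16:18:26.079120 tds_process_end: more_results = 0
16:18:26.079176 tds_process_end() state set to TDS_IDLE
16:18:26.079378 tds_submit_execute()
16:18:26.080572 processing result tokens.  marker is  ff(DONEINPROC)
16:18:26.080624 tds_process_end: more_results = 1
Creating prepared statement
tds_submit_query(): state is PENDING
16:18:26.080964 tds_client_msg: #20019: "Attempt to initiate a new SQL Server operation with results pending.".  Connection state is now 1.
"""

MARKER = re.compile(r"marker is\s+[0-9a-f]{2}\((\w+)\)")
MORE = re.compile(r"tds_process_end: more_results = (\d+)")
CLIENT_MSG = re.compile(r'tds_client_msg: #(\d+): "([^"]*)"')


def triage(log_text):
    """For each client-library error, report the result-token state before it."""
    findings = []
    last_token, more_results, idle = None, None, False
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if m := MARKER.search(line):
            last_token, idle = m.group(1), False
        elif m := MORE.search(line):
            more_results = int(m.group(1))
        elif "state set to TDS_IDLE" in line:
            idle = True
        elif "tds_submit_execute()" in line:
            idle = False  # a new request is in flight
        elif m := CLIENT_MSG.search(line):
            findings.append({
                "line": lineno,
                "code": int(m.group(1)),
                "message": m.group(2),
                "last_token": last_token,
                "more_results": more_results,
                "returned_to_idle": idle,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the excerpt, the error is reported after a `DONEINPROC` token with `more_results = 1` and no return to `TDS_IDLE`, which matches the sequence at the end of the dump.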