[Snort-users] snort-2.8.0.2. Bug in MySQL?

Jack Pepper pepperjack at ...14319...
Thu Mar 13 08:41:28 EDT 2008


Quoting salomon.riedo at ...14317...:

> Hey JJC
>
> Thanks for your response.
> --> I don't have lots of data, so I think that I don't need barnyard
> ... I think that this is the main reason to use it?
> --> Primary symptoms:
>      Database is Empty (with the previous version of snort [2.8.0.1] it
> ran without any troubles ... )
>

OK, so no data in the db.
1.  Do you have alert data being reported to the alert log?
   No? : it's not a db problem, it's a dead snort problem.  end.
   Yes? : it's a db output problem.  proceed.

2.  Does the snort.conf file have a mysql output line?
3.  Try to log into mysql using the user id and password specified on  
the output line.
4.  While logged into the database type this command:
       select vseq from `schema`;
5.  Does it say "107" ?
6.  If not, then the problem is that your old database is not  
compatible with the schema used in snort 2.8 .  The database will need  
to be recreated from scratch.

I hope this helps.  Post back to the list with your progress.

jp









> Another solution is using the previous version.
>
> ________________________________________________________________________
> ________
>
>
>
>
>  You should use unified output and use barnyard to read said unified
> data and write into mysql.
> There are several well documented reasons for this on the web...
>
> JJC
>
>
>
> 	> I'm relatively new in this group and have an unsolved problem with
> 	> logging alerts to a MySQL-DB since the upgrade to Snort 2.8.0.2.
> 	> If I run the configure-script: # ./configure --with-mysql, there are no
> 	> errors.
> 	>
> 	> My questions:
> 	> - Are there any essential changes on the new version?
> 	> - Could it be, that the problem is on my running-system (OpenSuse10.3)?
> 	>
>
>
> 	what is the primary symptom?
>
> 	Snort won't build?
> 	Snort won't run?
> 	Database is Empty?
>
>
>
>
>
> 	> Thx
> 	> Salomon
>
>
>
>
>
>
>
>



-- 

Framework?  I don't need no stinking framework!

----------------------------------------------------------------
@fferent Security Labs:  Isolate/Insulate/Innovate  
http://www.afferentsecurity.com
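
Steps 2 to 6 of the checklist in the reply above, as an added shell example that is not part of the original post or of Snort itself. It assumes the usual Snort 2.x `output database: log, mysql, user=... password=... dbname=... host=...` line format; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: walks the checklist above for Snort's MySQL output plugin.
SCHEMA_VSEQ=107   # schema version the post says Snort 2.8 expects

# Constructed sample snort.conf fragment (not from the original thread).
sample_conf() {
cat <<'EOF'
# output database: log, mysql, user=old password=old dbname=old host=10.0.0.9
output alert_fast: alert
output database: log, mysql, user=snort password=s3cret dbname=snortdb host=localhost
EOF
}

# Step 2: first active (uncommented) mysql "output database" line on stdin.
db_output_line() {
    grep -E '^[[:space:]]*output[[:space:]]+database:.*mysql' | head -n 1
}

# Pull one key=value parameter (user, password, dbname, host) from that line.
db_param() {  # usage: db_param KEY "LINE"
    printf '%s\n' "$2" | tr ', ' '\n\n' | sed -n "s/^$1=//p" | head -n 1
}

# Steps 5-6: does the reported vseq match what this Snort build expects?
schema_ok() { [ "$1" = "$SCHEMA_VSEQ" ]; }

# Steps 2-6 against a real config; needs the mysql client and a live server.
check_snort_db() {
    line=$(db_output_line < "$1")
    [ -n "$line" ] || { echo "no mysql output line in $1"; return 2; }
    user=$(db_param user "$line"); db=$(db_param dbname "$line")
    host=$(db_param host "$line")
    # Step 3: a failed login here means bad credentials or grants.
    # "schema" is a reserved word in MySQL 5.x, hence the backticks.
    # MYSQL_PWD keeps the password off the command line (visible in ps).
    vseq=$(MYSQL_PWD=$(db_param password "$line") mysql -N -B \
           -h "${host:-localhost}" -u "$user" "$db" \
           -e 'select vseq from `schema`;') || { echo "login/query failed"; return 3; }
    if schema_ok "$vseq"; then echo "schema vseq $vseq: OK"
    else echo "schema vseq '$vseq' != $SCHEMA_VSEQ: recreate the database"; return 4
    fi
}

# Run the live check only when a config path is given, e.g. /etc/snort/snort.conf
if [ "$#" -gt 0 ]; then check_snort_db "$1"; fi
```

A non-zero exit code identifies which step failed: 2 for a missing output line, 3 for a failed login or query, 4 for a schema version mismatch.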




