[Snort-users] v2.8.4 incorrect logging to MySQL

Stephen Reese rsreese at ...11827...
Sat Apr 11 18:11:29 EDT 2009


On Sat, Apr 11, 2009 at 3:16 PM, Matt Watchinski
<mwatchinski at ...1935...> wrote:
> Turn on mysql query logging and see if snort its trying to insert to
> those tables.  It doesn't looks like much changed in spo_database.c
>
> Cheers,
> -matt

Here are a few of the queries captured from the MySQL general query log for an ICMP ping that Snort picked up. Notice that each transaction runs a `SELECT sig_id FROM signature WHERE ...` but is never followed by an `INSERT INTO signature`, and every `INSERT INTO event` is written with `signature = 1` regardless of which rule (sid 384, 368 or 366) actually fired. Consistent with that, there are still no rows appearing in the signature or sensor tables, so the events being stored cannot be attributed to the correct rule.


                     22 Query       INSERT INTO data
(sid,cid,data_payload) VALUES
(1,80,'9614E149E973090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
                     22 Query       COMMIT
                     22 Query       BEGIN
                     22 Query       SELECT sig_id   FROM signature
WHERE sig_name = 'ICMP PING'    AND sig_rev = 5    AND sig_sid = 384
 AND sig_gid = 1
                     22 Query       INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 81, 1, '2009-04-11 18:07:20')
                     22 Query       INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,81,8,0,63192,44111,2)
                     22 Query       INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen,        ip_tos, ip_len, ip_id,
ip_flags, ip_off,       ip_ttl, ip_proto, ip_csum) VALUES
(1,81,2886730504,2886730242,4,5,0,84,0,0,0,63,1,56958)
                     22 Query       INSERT INTO data
(sid,cid,data_payload) VALUES
(1,81,'9614E149E973090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
                     22 Query       COMMIT
090411 18:07:21      22 Query       BEGIN
                     22 Query       SELECT sig_id   FROM signature
WHERE sig_name = 'ICMP PING BSDtype'    AND sig_rev = 6    AND sig_sid
= 368    AND sig_gid = 1
                     22 Query       INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 82, 1, '2009-04-11 18:07:21')
                     22 Query       INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,82,8,0,45018,44111,3)
                     22 Query       INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen,        ip_tos, ip_len, ip_id,
ip_flags, ip_off,       ip_ttl, ip_proto, ip_csum) VALUES
(1,82,2886730504,2886730242,4,5,0,84,0,0,0,64,1,56702)
                     22 Query       INSERT INTO data
(sid,cid,data_payload) VALUES
(1,82,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
                     22 Query       COMMIT
                     22 Query       BEGIN
                     22 Query       SELECT sig_id   FROM signature
WHERE sig_name = 'ICMP PING *NIX'    AND sig_rev = 7    AND sig_sid =
366    AND sig_gid = 1
                     22 Query       INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 83, 1, '2009-04-11 18:07:21')
                     22 Query       INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,83,8,0,45018,44111,3)
                     22 Query       INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen,        ip_tos, ip_len, ip_id,
ip_flags, ip_off,       ip_ttl, ip_proto, ip_csum) VALUES
(1,83,2886730504,2886730242,4,5,0,84,0,0,0,64,1,56702)
                     22 Query       INSERT INTO data
(sid,cid,data_payload) VALUES
(1,83,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
                     22 Query       COMMIT
                     22 Query       BEGIN
                     22 Query       SELECT sig_id   FROM signature
WHERE sig_name = 'ICMP PING'    AND sig_rev = 5    AND sig_sid = 384
 AND sig_gid = 1
                     22 Query       INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 84, 1, '2009-04-11 18:07:21')
                     22 Query       INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,84,8,0,45018,44111,3)
                     22 Query       INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen,        ip_tos, ip_len, ip_id,
ip_flags, ip_off,       ip_ttl, ip_proto, ip_csum) VALUES
(1,84,2886730504,2886730242,4,5,0,84,0,0,0,64,1,56702)
                     22 Query       INSERT INTO data
(sid,cid,data_payload) VALUES
(1,84,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
                     22 Query       COMMIT
                     22 Query       BEGIN
                     22 Query       SELECT sig_id   FROM signature
WHERE sig_name = 'ICMP PING BSDtype'    AND sig_rev = 6    AND sig_sid
= 368    AND sig_gid = 1
                     22 Query       INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 85, 1, '2009-04-11 18:07:21')
                     22 Query       INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,85,8,0,45018,44111,3)
                     22 Query       INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen,        ip_tos, ip_len, ip_id,
ip_flags, ip_off,       ip_ttl, ip_proto, ip_csum) VALUES
(1,85,2886730504,2886730242,4,5,0,84,0,0,0,63,1,56958)
                     22 Query       INSERT INTO data
(sid,cid,data_payload) VALUES
(1,85,'9714E1492F71090008090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637')
                     22 Query       COMMIT
                     22 Query       BEGIN
                     22 Query       SELECT sig_id   FROM signature
WHERE sig_name = 'ICMP PING *NIX'    AND sig_rev = 7    AND sig_sid =
366    AND sig_gid = 1
                     22 Query       INSERT INTO event
(sid,cid,signature,timestamp) VALUES (1, 86, 1, '2009-04-11 18:07:21')
                     22 Query       INSERT INTO icmphdr (sid, cid,
icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) VALUES
(1,86,8,0,45018,44111,3)
                     22 Query       INSERT INTO iphdr (sid, cid,
ip_src, ip_dst, ip_ver, ip_hlen,        ip_tos, ip_len, ip_id,
ip_flags, ip_off,       ip_ttl, ip_proto, ip_csum) VALUES
(1,86,2886730504,2886730242,4,5,0,84,0,0,0,63,1,56958)



