[Snort-users] R: v2.8.4 incorrect logging to MySQL: PATCH

Stephen Reese rsreese at ...11827...
Mon Apr 13 15:15:54 EDT 2009


On Mon, Apr 13, 2009 at 11:07 AM, Todd Wease <twease at ...1935...> wrote:
> Thanks much Luigi.  That is the fix.
>
>
> snortml at ...14556... wrote:
>> I'm having exactly the same problem: fresh 2.8.4 install with mysql output:
>> sensor table never gets inserted a row.
>>
>> I think I have found the problem and produced a simple patch but please,
>> revise it: I'm not a coder, and have no particular experience with snort. So
>> I'm not sure my patch can not have some side-effects.
>>
>> That said, the problem seems to be in Select() in
>> src/output-plugins/spo_database.c , in the portion of the function used with
>> the mysql db (I did not examine other dbs' code).
>> This function makes a SQL SELECT and, upon success, returns the fetched
>> value converted to integer. When it encounters an error, returns 0.
>> But, as a special case, when the query was successful but did not yield any
>> row, it returns 1. There is no distinction whether the "1" returned was
>> because the value "1" was fetched from the DB, or simply the DB did not
>> return any row.
>> As a consequence, when this code is executed:
>>
>>     data->shared->sid = Select(select_sensor_id,data);
>>     if(data->shared->sid == 0)
>>     {
>>         Insert(insert_into_sensor,data);
>>
>> the Select() returns 1, and the Insert() is never done.
>> So the sensor table remains empty.
>>
>> My patch is just as simple as:
>>
>> # diff -ubB spo_database.c.orig spo_database.c
>> --- spo_database.c.orig      2009-04-13 16:03:49.000000000 +0200
>> +++ spo_database.c   2009-04-13 15:59:53.000000000 +0200
>> @@ -2798,6 +2798,14 @@
>>                      {
>>                          result = atoi(data->m_row[0]);
>>                      }
>> +                    else
>> +                    {
>> +                        result = 0;
>> +                    }
>> +                }
>> +                else
>> +                {
>> +                    result = 0;
>>                  }
>>              }
>>              mysql_free_result(data->m_result);
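
Review bot: both new else branches set `result = 0`, which is the same value the message says Select() returns on error, so the caller's `if(data->shared->sid == 0)` test cannot tell "query succeeded, no row" from "query failed" and will call Insert() in either case. Consider reporting the no-row case separately from the error case (a distinct status, or the value through an out-parameter), and add a comment on each branch saying which condition it covers. The `atoi(data->m_row[0])` line above also yields 0 for a non-numeric column, which would take the same insert path. The submitter notes only the MySQL portion was examined, so the other database branches of Select() need the same check before this is merged.
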
>>
>> I simply return 0 (false) if the query was technically successful, but no
>> result was found.


Also worked for me, thanks!
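
The return-value ambiguity described in the quoted message, as an added example that is not part of the original thread and is not Snort code: a lookup that reports "found", "no row" and "error" as separate statuses, so the caller inserts the sensor row only when the query succeeded and returned nothing. The names `sel_status`, `fake_result`, `select_id` and `sensor_needs_insert` are hypothetical, and the in-memory result is constructed so the code runs without a database.

```c
/* Added illustration, not Snort code. fake_result is a constructed, hypothetical
 * stand-in for a MySQL result so the example runs offline. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

typedef enum { SEL_ERROR = -1, SEL_NO_ROW = 0, SEL_OK = 1 } sel_status;

/* query_ok: the query itself succeeded; row: first column of first row, or NULL. */
typedef struct { int query_ok; const char *row; } fake_result;

/* Status is returned separately from the value, so a stored id of 1 (or 0)
 * can never be mistaken for "no row" or "error". */
sel_status select_id(const fake_result *r, int *out)
{
    char *end;
    long v;

    if (r == NULL || out == NULL || !r->query_ok)
        return SEL_ERROR;
    if (r->row == NULL)
        return SEL_NO_ROW;
    errno = 0;
    v = strtol(r->row, &end, 10);
    if (errno != 0 || end == r->row || *end != '\0' || v < 0 || v > INT_MAX)
        return SEL_ERROR;              /* non-numeric or out-of-range column */
    *out = (int)v;
    return SEL_OK;
}

/* Returns 1 if the sensor row must be inserted, 0 if it exists, -1 on error. */
int sensor_needs_insert(const fake_result *r, int *sid)
{
    switch (select_id(r, sid)) {
    case SEL_OK:     return 0;
    case SEL_NO_ROW: return 1;
    default:         return -1;     /* do not insert after a failed query */
    }
}

int main(void)
{
    fake_result found = {1, "1"}, empty = {1, NULL}, failed = {0, NULL};
    int sid = 0;
    printf("found=%d empty=%d failed=%d\n", sensor_needs_insert(&found, &sid),
           sensor_needs_insert(&empty, &sid), sensor_needs_insert(&failed, &sid));
    return 0;
}
```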



