[Snort-users] R: v2.8.4 incorrect logging to MySQL: PATCH

Jason Wallace jason.r.wallace at ...11827...
Tue Apr 14 10:00:57 EDT 2009


So should we expect to see a snort-2.8.4.1 out soon with this fix
included? I'm getting ready to submit a new ebuild for Gentoo for
snort 2.8.4. I can wait a couple of days if an official version with
this fix is going to be released soon. If not, I can add this patch
to my build process.

Thx,
Wally

On Mon, Apr 13, 2009 at 3:15 PM, Stephen Reese <rsreese at ...11827...> wrote:
> On Mon, Apr 13, 2009 at 11:07 AM, Todd Wease <twease at ...1935...> wrote:
>> Thanks much Luigi.  That is the fix.
>>
>>
>> snortml at ...14556... wrote:
>>> I'm having exactly the same problem: fresh 2.8.4 install with mysql output:
>>> the sensor table never gets a row inserted.
>>>
>>> I think I have found the problem and produced a simple patch but please,
>>> revise it: I'm not a coder, and have no particular experience with snort. So
>>> I'm not sure my patch cannot have some side-effects.
>>>
>>> That said, the problem seems to be in Select() in
>>> src/output-plugins/spo_database.c , in the portion of the function used with
>>> the mysql db (I did not examine other dbs' code).
>>> This function makes a SQL SELECT and, upon success, returns the fetched
>>> value converted to integer. When it encounters an error, it returns 0.
>>> But, as a special case, when the query was successful but did not yield any
>>> row, it returns 1. There is no distinction whether the "1" returned was
>>> because the value "1" was fetched from the DB, or simply the DB did not
>>> return any row.
>>> As a consequence, when this code is executed:
>>>
>>>     data->shared->sid = Select(select_sensor_id,data);
>>>     if(data->shared->sid == 0)
>>>     {
>>>         Insert(insert_into_sensor,data);
>>>
>>> the Select() returns 1, and the Insert() is never done.
>>> So the sensor table remains empty.
>>>
>>> My patch is just as simple as:
>>>
>>> # diff -ubB spo_database.c.orig spo_database.c
>>> --- spo_database.c.orig      2009-04-13 16:03:49.000000000 +0200
>>> +++ spo_database.c   2009-04-13 15:59:53.000000000 +0200
>>> @@ -2798,6 +2798,14 @@
>>>                      {
>>>                          result = atoi(data->m_row[0]);
>>>                      }
>>> +                    else
>>> +                    {
>>> +                        result = 0;
>>> +                    }
>>> +                }
>>> +                else
>>> +                {
>>> +                    result = 0;
>>>                  }
>>>              }
>>>              mysql_free_result(data->m_result);
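Review bot: after this hunk a failed query and an empty result set both leave `result = 0`, so the caller's `if(data->shared->sid == 0) Insert(...)` will also attempt an insert when the SELECT itself failed (for example during a transient database outage) rather than only when the sensor row is genuinely missing; consider returning a distinct status for the error path, or logging it, so the two cases stay separable. The two added `else { result = 0; }` branches and the extra closing brace also change which blocks the unchanged trailing `}` lines close, so confirm the brace structure is what was intended and that `result` is not already initialised to 0 earlier in the function, which would make the new branches redundant.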
>>>
>>> I simply return 0 (false) if the query was technically successful, but no
>>> result was found.
>
>
> Also worked for me, thanks!
>

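The ambiguity described in the quoted thread, reproduced as an added example that is not Snort's code: a constructed `fake_result` type stands in for the MySQL result set, `select_prepatch` mirrors the pre-patch behaviour (1 for "no row"), `select_patched` mirrors the patch (0 for "no row"), and `sensor_action` is a hypothetical stricter variant that also keeps "query failed" apart from "sensor not found".

```c
#include <stdlib.h>

/* Constructed stand-in for a MySQL result set (added example, not Snort's
 * spo_database.c): row0 == NULL means the query succeeded but matched no row. */
typedef struct {
    int         query_ok;   /* 0 = the SELECT itself failed */
    const char *row0;       /* first column of the first row, or NULL when empty */
} fake_result;

static const fake_result SAMPLE_EMPTY = { 1, NULL };  /* sensor not yet registered */
static const fake_result SAMPLE_HIT   = { 1, "7"  };  /* sensor id 7 already exists */
static const fake_result SAMPLE_ERROR = { 0, NULL };  /* the query itself failed */

/* Pre-patch behaviour as described in the thread: 0 on error, atoi(row) on
 * success, and 1 when no row came back. That 1 cannot be told apart from a
 * real sensor id of 1, so the caller never inserts the sensor row. */
static int select_prepatch(const fake_result *r)
{
    if (!r->query_ok)
        return 0;
    if (r->row0 == NULL)
        return 1;
    return atoi(r->row0);
}

/* Post-patch behaviour: "no row" is reported as 0, so the caller's
 * `if (sid == 0) Insert(...)` now runs as intended. */
static int select_patched(const fake_result *r)
{
    if (!r->query_ok || r->row0 == NULL)
        return 0;
    return atoi(r->row0);
}

/* The caller logic quoted in the thread: a sid of 0 triggers the insert. */
static int needs_insert(int sid) { return sid == 0; }

/* Stricter variant that keeps "query failed" apart from "not found", so a
 * database outage is not mistaken for a missing sensor row.
 * Returns 1 = insert the sensor, 0 = reuse *sid_out, -1 = abort. */
static int sensor_action(const fake_result *r, int *sid_out)
{
    if (!r->query_ok)
        return -1;
    if (r->row0 == NULL)
        return 1;
    *sid_out = atoi(r->row0);
    return 0;
}
```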