[Snort-users] Snort with Oracle in Windows

Ke Lu myoldtrafford at ...11827...
Mon Aug 10 23:37:57 EDT 2009


Hi, anyone has succeeded in using Oracle as snort output plugin? I used
Mssql as snort output plugin successfully. But when i try to use Oracle, it
failed.

My software version and install enviroment are as follows:

Software:
    Snort_2_8_0_1
    Oracle10g
OS:
    Window Server 2003

note: i installed Oracle client and Snort on the same server, and i want to
log data to remote server which installed Oracle.

snort config file:
    output database: log, Oracle, host=202.117.54.251 port=1521 dbname=net
user=klu password=abc sensor_name=svctag-9d8bk2x detail=Fast

tnsnames.ora file:
    # tnsnames.ora Network Configuration File:
e:\Ora10StandardClient\NETWORK\ADMIN\tnsnames.ora
    # Generated by Oracle configuration tools.

    NET =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = 202.117.54.251)(PORT = 1521))
        )
        (CONNECT_DATA =
          (SERVICE_NAME = net)
        )
      )

i can connect Oracle with sql*plus, but when i run Snort, it failed to
connect Oracle with following messages:

database: compiled support for ( odbc oracle )
database: configured to use Oracle
database:          host = 202.117.54.251
database:          port = 1521
database: database name = net
database:          user = klu
database: password is set
database:   sensor name = svctag-9d8bk2x
database: detail level  = Fast
database : ORACLE_HOME environment variable not set
database: hostname not required for Oracle, use dbname
database: dbname must be in tnsnames.ora
database: Oracle_error:
ERROR: database: OCIInitialize : Connection to database 'net' failed
Fatal Error, Quitting..

Question 1:
    anyone can tell me where to set ORACLE_HOME environment in snort?
Question 2:
    What does "hostname not required for Oracle, use dbname" and "dbname
must be in tnsnames.ora" mean ?

Thank you in advanced!
-- 
Lu Ke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090811/14fc21d0/attachment.html>


More information about the Snort-users mailing list