[Snort-users] cannot authenticate to MSSQL database from BASE

Joel Esler jesler at ...1935...
Sat Feb 11 17:13:11 EST 2012


I wasn't commenting on the problem. Simply the complexity of the setup and the decision to use Windows.

--
Joel Esler

On Feb 11, 2012, at 12:14 PM, "Michael Steele" <michaels at ...9077...> wrote:

> Joel,
>  
> He is going to have the same problem no matter what platform he is using, as long as he is connecting to a SQL Server database.
>  
> Kindest regards,
> Michael...
>  
>  
> From: Joel Esler [mailto:jesler at ...1935...] 
> Sent: Saturday, February 11, 2012 10:23 AM
> To: tadios tefera
> Cc: Michael Steele; Billy Marshall; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] cannot authenticate to MSSQL database from BASE
>  
> Any particular reason you are doing such an elaborate set up and not taking the extra step to do it in Linux?
> 
> --
> Joel Esler
> 
> On Feb 10, 2012, at 10:39 AM, tadios tefera <ttefera at ...11827...> wrote:
> 
> Due to internal requirements, I have installed WinIDS, using three different servers.
> 
> SERVER-A has a working snort engine that is able to write to an MS SQL database.
> 
> SERVER-B is an MS SQL_10 server. MS SQL server is a pre-existing full blown install and was not setup per the direction on Winsnort, but the snort and snort_archive instances were.
> 
> SERVER-C is an IIS7 Server hosting php, adodb and base. Although IIS7 was not installed per direction on winsnort, the configuration of base and php were.
> 
> Michael, thanks for your reminder about using Wordpad, I had been using Notepad and will start the whole thing over using Wordpad.
> 
> Following that, I will also verify if Billy's suggestion may be a solution to the issue I am having.
> 
> Thanks,
> 
> Tad.
> 
>  
> 
>  
> 
> On Mon, Feb 6, 2012 at 5:44 PM, Michael Steele <michaels at ...9077...> wrote:
> I think you are so far past what he can do, but maybe not? It was depicted as if he used the install guide from Winsnort.com. If he installed SQL Server for SSL then the SQL Server was not installed as described in the guide.
>  
> Kindest regards,
> Michael...
>  
> WINSNORT.com Management Team Member
> --
> ****************** Established ~ 2001 *******************
> *          Visit Us @ http://www.winsnort.com           *
> *      ~~ FREE WinIDS Snort installation guides ~~      *
> *               ~~ FREE support forums ~~               *
> * Snort: Open Source Network IDS - http://www.snort.org *
> *********************************************************
>  
> From: Billy Marshall [mailto:Billy.Marshall at ...9988...] 
> Sent: Monday, February 06, 2012 3:57 PM
> To: 'tadios tefera'; Michael Steele
> Cc: snort-users at lists.sourceforge.net
> 
> Subject: Re: [Snort-users] cannot authenticate to MSSQL database from BASE
>  
> Not sure but it's starting to sound like a CA certificate issue not an encryption issue. Hope the following helps.
>  
> http://support.microsoft.com/kb/318605
>  
> Install the public key in the client server. 
> 
> For the client to request the SSL encryption, the client computer must trust the server certificate and the certificate must already exist on the server. You have to use the MMC snap-in to export the Trusted Root Certification Authority used by the server certificate:
> 
> 1. To export the server certificate's Trusted Root Certificate Authority (CA), follow these steps:
>    a. Open MMC, and then locate your certificate in the Personal folder.
>    b. Right-click the certificate name, and then click Open.
>    c. Review the Certification Path tab. Note the top most item.
>    d. Navigate to the Trusted Root Certification Authorities folder, and then locate the Certificate Authority noted in step c.
>    e. Right-click CA, point to All Tasks, and then click Export.
>    f. Select all the defaults, and then save the exported file to your disk where the client computer can access the file.
> 2. Follow these steps to import the certificate on the client computer:
>    a. Navigate to the client computer by using the MMC snap-in, and then browse to the Trusted Root Certification Authorities folder.
>    b. Right-click the Trusted Root Certification Authorities folder, point to All Tasks, and then click Import.
> 
> 
> 
> >>> "Michael Steele" <michaels at ...9077...> 2/3/2012 8:34 AM >>>
> Did you use the SQL Server software pack provided on Winsnort.com?
> 
> Was it installed using the guide on Winsnort.com?
>  
> Kindest regards,
> Michael...
>  
>  
> From: tadios tefera [mailto:ttefera at ...11827...] 
> Sent: Thursday, February 02, 2012 11:12 AM
> To: Jeremy Hoel
> Cc: Billy Marshall; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] cannot authenticate to MSSQL database from BASE
>  
> Yes, that is what it is showing, it is also several pages long.
>  
> So does anyone have any suggestions?
> Is this a bug in the versions I am running?
>  
> PHP 5.2.17
> adodb514
> base 1.4.5
>  
> Also, in my original question, the MSSQL Server Log shows that a connection is attempted but fails. The connection failure is indicated by the following:
>  
> "Encryption is required to connect to this server but the client library does not support encryption; the connection has been closed. Please upgrade your client library. [CLIENT: 192.168.15.111]"
> The specified IP is of the webserver that is hosting base, php and adodb.
>  
> What client library should I be using? And is there a way to specify encryption in base_config.php or php.ini?
>  
> 
> 
>  
> On Thu, Feb 2, 2012 at 10:30 AM, Jeremy Hoel <jthoel at ...11827...> wrote:
> When you run that page (test.php) does it display a lot of info about
> php?  If it does, then it's working.  From your message it sounds like
> it's showing
> 
> "<?php
> 
>    phpinfo();
> 
> ?>"
> 
> 
> It should show something like this -
> http://files.zend.com/help/Zend-Core/phpinfo_screen.png
> 
> On Thu, Feb 2, 2012 at 3:23 PM, tadios tefera <ttefera at ...11827...> wrote:
> > How can I confirm php is executing?
> >
> > Per the documentation on Winsnort.com on how to setup snort and Base on
> > Windows, I have followed the test procedure to verify that php is executing.
> > the procedure states, to place a test.php file in c:\inetpub\wwwroot\base.
> > Then from a browser execute test.php by http://ServerName/base/test.php
> > Test.php contains the following:
> > <?php
> >
> >     phpinfo();
> >
> > ?>
> >
> > The outcome on my browser is what is expected per the documentation on
> > Winsnort.com; it is a table showing php version, system, build date,
> > configure command, server api, etc....
> >
> > Is this not a sufficient way to confirm that php is executing?
> >
> >
> >
> >
> > On Thu, Feb 2, 2012 at 10:04 AM, Jeremy Hoel <jthoel at ...11827...> wrote:
> >>
> >> Err.. sorry.  Got cut off at work
> >>
> >> php is not parsing the file correctly.. it's not being interpreted by
> >> the web server.
> >>
> >>
> >>
> >> On Thu, Feb 2, 2012 at 3:03 PM, Jeremy Hoel <jthoel at ...11827...> wrote:
> >> > if you just see the text of the php file and not the rendered version,
> >> > then php isn't executing..
> >> >
> >> > On Wed, Feb 1, 2012 at 10:43 PM, tadios tefera <ttefera at ...11827...>
> >> > wrote:
> >> >> I am new to php and base...
> >> >> How exactly should I be using this test?
> >> >> If I save it as testing.php in the c:\inetpub\wwwroot\base, and attempt
> >> >> to
> >> >> run it from a browser by http://ServerName/base/testing.php, I just get
> >> >> the
> >> >> text content of the testing.php displayed in the browser.
> >> >>
> >> >> any suggestions?
> >> >>
> >> >>
> >> >>
> >> >> On Mon, Jan 30, 2012 at 4:29 PM, Billy Marshall
> >> >> <Billy.Marshall at ...9988...>
> >> >> wrote:
> >> >>>
> >> >>> tad,
> >> >>>
> >> >>> To test MSSQL basic connect using ADOdb is:
> >> >>>
> >> >>>
> >> >>> include('/path/to/set/here/adodb.inc.php');
> >> >>> $db =& ADONewConnection('odbc_mssql');
> >> >>>
> >> >>> $dsn = "Driver={SQL Server};Server=localhost;Database=northwind;";
> >> >>> $db->Connect($dsn,'userid','password');
> >> >>>
> >> >>> or if you prefer to use the mssql extension (which is limited to mssql
> >> >>> 6.5
> >> >>> functionality):
> >> >>>
> >> >>>          $db =& ADONewConnection('mssql');
> >> >>>
> >> >>>          // Connect() takes host, user, password, database; Execute() runs SQL
> >> >>>          $db->Connect('localhost', 'userid', 'password', 'northwind');
> >> >>>
> >> >>>
> >> >>> >>> tadios tefera <ttefera at ...11827...> 1/26/2012 4:02 PM >>>
> >> >>>
> >> >>> not sure if my earlier message was delivered....
> >> >>>
> >> >>> I have placed the connect.php file you attached in the "base" folder
> >> >>> on
> >> >>> the IIS server.
> >> >>>
> >> >>> I have adjusted the authentication info (password, etc...) for our SQL
> >> >>> server:
> >> >>> $serverName = "SERVER-B";
> >> >>> $usr="snort";
> >> >>> $pwd="mypassword";
> >> >>> $db="snort";
> >> >>>
> >> >>> And then I attempted to test by going to
> >> >>> http://SERVER-C/base/connect.php
> >> >>> ; this is the response I got:
> >> >>> "Fatal error: Call to undefined function sqlsrv_connect() in
> >> >>> C:\inetpub\wwwroot\base\connect.php on line 11"
> >> >>>
> >> >>> In my scenario, SERVER-B is the MSSQL server and SERVER-C is the IIS
> >> >>> server.
> >> >>>
> >> >>> Am I using the connect.php DB connection test file as you anticipated?
> >> >>>
> >> >>> Thanks,
> >> >>>
> >> >>> Tad.
> >> >>>
> >> >>> On Mon, Jan 23, 2012 at 1:34 PM, tadios tefera <ttefera at ...14542....>
> >> >>> wrote:
> >> >>>>
> >> >>>> Thank you for your response Michael,
> >> >>>> I have placed the connect.php file you attached in the "base" folder
> >> >>>> on
> >> >>>> the IIS server.
> >> >>>> I have adjusted the authentication info (password, etc...) for our
> >> >>>> SQL
> >> >>>> server:
> >> >>>> $serverName = "SERVER-B";
> >> >>>> $usr="snort";
> >> >>>> $pwd="mypassword";
> >> >>>> $db="snort";
> >> >>>> And then I attempted to test by going to
> >> >>>> http://SERVER-C/base/connect.php
> >> >>>> ; this is the response I got:
> >> >>>> "Fatal error: Call to undefined function sqlsrv_connect() in
> >> >>>> C:\inetpub\wwwroot\base\connect.php on line 11"
> >> >>>> In my scenario, SERVER-B is the MSSQL server and SERVER-C is the IIS
> >> >>>> server.
> >> >>>> Am I using the connect.php DB connection test file as you
> >> >>>> anticipated?
> >> >>>> Thanks,
> >> >>>> Tad.
> >> >>>> On Sun, Jan 22, 2012 at 10:19 AM, Michael Steele
> >> >>>> <michaels at ...9077...>
> >> >>>> wrote:
> >> >>>>>
> >> >>>>> You might be able to use the attached .php file to test the DB
> >> >>>>> connection and users credentials to the remote MSSQL database.
> >> >>>>>
> >> >>>>> Kindest regards,
> >> >>>>>
> >> >>>>> Michael...
> >> >>>>>
> >> >>>>> From: tadios tefera [mailto:ttefera at ...11827...]
> >> >>>>> Sent: Tuesday, January 17, 2012 11:31 AM
> >> >>>>> To: snort-users at lists.sourceforge.net
> >> >>>>> Subject: [Snort-users] cannot authenticate to MSSQL database from
> >> >>>>> BASE
> >> >>>>>
> >> >>>>> Hi,
> >> >>>>>
> >> >>>>> I have managed to get Snort 2.9.2 working on Windows 2008 R2
> >> >>>>> Servers.
> >> >>>>>
> >> >>>>> The generated data from Snort is being placed in an mssql database.
> >> >>>>>
> >> >>>>> My setup is as follows:
> >> >>>>>
> >> >>>>> - Snort on a SERVER-A
> >> >>>>>
> >> >>>>> - Database (MSSQL) on SERVER-B
> >> >>>>>
> >> >>>>> - Web Portal (IIS7) on SERVER-C
> >> >>>>>
> >> >>>>> But I am baffled as to how I can access the Snort data from the
> >> >>>>> database.
> >> >>>>>
> >> >>>>> I have installed and configured base, adodb, and php on IIS7 and all
> >> >>>>> indications are that the installs/configurations are correct.
> >> >>>>>
> >> >>>>> When I access the "base" site from a browser: http://SERVER-C/base ,
> >> >>>>> I
> >> >>>>> get the following error:
> >> >>>>>
> >> >>>>> ------------------------------------------
> >> >>>>>
> >> >>>>> Warning: mssql_connect() [function.mssql-connect]: Unable to connect
> >> >>>>> to
> >> >>>>> server: SERVER-B in C:\WinIDS\adodb\drivers\adodb-mssql.inc.php on
> >> >>>>> line 556
> >> >>>>>
> >> >>>>> Error connecting to DB : snort at ...15494...
> >> >>>>>
> >> >>>>> Check the DB connection variables in base_conf.php
> >> >>>>> = $alert_dbname : MySQL database name where the alerts are stored
> >> >>>>> = $alert_host : host where the database is stored
> >> >>>>> = $alert_port : port where the database is stored
> >> >>>>> = $alert_user : username into the database
> >> >>>>> = $alert_password : password for the username
> >> >>>>>
> >> >>>>> ------------------------------------------
> >> >>>>>
> >> >>>>> I have verified numerous times that the dbname, host, port, user
> >> >>>>> and
> >> >>>>> password information are entered correctly in the base_conf.php
> >> >>>>> file.
> >> >>>>>
> >> >>>>> I have also tried changing hostname with IP and resetting the
> >> >>>>> password
> >> >>>>> on the database instance with no luck.
> >> >>>>>
> >> >>>>> I looked into the SQL server logs and it shows encryption is
> >> >>>>> required
> >> >>>>> for this communication. The exact error message in the mssql logs
> >> >>>>> is:
> >> >>>>>
> >> >>>>> "Encryption is required to connect to this server but the client
> >> >>>>> library
> >> >>>>> does not support encryption; the connection has been closed. Please
> >> >>>>> upgrade
> >> >>>>> your client library. [CLIENT: 192.168.15.111]"
> >> >>>>>
> >> >>>>> Client with IP 192.168.15.111 is SERVER-C.
> >> >>>>>
> >> >>>>> My question is, how do I configure authentication encryption to
> >> >>>>> access
> >> >>>>> this database from Base?
> >> >>>>>
> >> >>>>> Thanks,
> >> >>>>>
> >> >>>>> Tad.
> >> >>>>>
> >> >>>>>
> >> >>>>
> >> >>>>
> >> >>>
> >> >>
> >> >>
> >> >>
> >
> >
>  
>  
>  
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
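
An added example, not part of the original thread: a PHP check to run on the web server (SERVER-C) that lists which SQL Server client extensions are loaded, which is what the "undefined function sqlsrv_connect()" error turns on, and then opens a connection that requires encryption and validates the server certificate against the locally trusted CAs. The server, database and login names are the ones quoted in the thread; the password is a placeholder, and the script assumes Microsoft's sqlsrv extension for PHP has been installed and enabled.

```php
<?php
// Added example (not from the thread). Run on the web server, e.g. php check.php
// 'SERVER-B', 'snort' are the names used in the thread; the password is a placeholder.

// Report which SQL Server client extensions this PHP build has loaded.
function loaded_mssql_clients() {
    $found = array();
    foreach (array('mssql', 'sqlsrv', 'pdo_sqlsrv', 'odbc') as $ext) {
        $found[$ext] = extension_loaded($ext);
    }
    return $found;
}

// Open an encrypted connection; returns array(connection, error text).
function connect_encrypted($server, $db, $user, $pwd) {
    if (!function_exists('sqlsrv_connect')) {
        return array(null, 'sqlsrv extension not loaded (check extension= lines in php.ini)');
    }
    $conn = sqlsrv_connect($server, array(
        'Database' => $db, 'UID' => $user, 'PWD' => $pwd,
        'Encrypt' => true,                  // request encryption for the whole session
        'TrustServerCertificate' => false,  // fail unless the issuing CA is trusted locally
        'LoginTimeout' => 10,
    ));
    if ($conn === false) {
        $msgs = array();
        foreach ((array) sqlsrv_errors() as $e) {
            $msgs[] = $e['SQLSTATE'] . ': ' . $e['message'];
        }
        return array(null, implode("\n", $msgs));
    }
    return array($conn, null);
}

foreach (loaded_mssql_clients() as $ext => $ok) {
    echo str_pad($ext, 12), $ok ? "loaded\n" : "not loaded\n";
}
list($conn, $err) = connect_encrypted('SERVER-B', 'snort', 'snort', 'CHANGE_ME');
if ($err !== null) {
    echo "Connect failed:\n$err\n";
    exit(1);
}
// Ask the server whether this session is encrypted (needs VIEW SERVER STATE).
$stmt = sqlsrv_query($conn,
    'SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID');
$row = $stmt ? sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC) : null;
echo 'encrypt_option: ', $row ? $row['encrypt_option'] : 'unknown (no permission?)', "\n";
sqlsrv_close($conn);
```

A certificate-chain error from this script points at the CA trust step quoted above, while a clean connect with `encrypt_option` reported as `TRUE` shows the session itself is encrypted.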