Wood's barnyard-mssql patch: msg#00013 security.ids.snort.barnyard.user
I'm having trouble with David's (1) mssql patch. I applied it to barnyard-0.2.0 and created mssql tables and an sql account with insert/read privileges.

(1) http://sourceforge.net/mailarchive/forum.php?thread_id=5948053&forum_id=7997

barnyard.conf looks as follows:

    output log_acid_db: tds, sensor_id 1, database Logs, server ntserver3, user sensor, password xxxxxx, detail full

sqsh tells us that the table at least exists.... even if it is empty:

    latex:/var/log/snort# sqsh -I /etc/freetds/freetds.conf -U logger -P "zqvjwkm" -S ntserver3 -D Logs
    sqsh-2.1 Copyright (C) 1995-2001 Scott C. Gray
    This is free software with ABSOLUTELY NO WARRANTY
    For more information type '\warranty'
    1> select * from event;
    2> go

    (0 rows affected)

Finally barnyard+mssql patch is run with verbose logging on a one time run through of a unified log. It looks like we connect and change database contexts fine, but it dies as it tries to reference the event table.

    latex:/var/log/snort# /usr/local/bin/barnyard -o snort.unified.log.1101245338 -vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
    Barnyard Version 0.2.0 (Build 32)
    ... SNIPPED all but program variables......
    Program Variables:
      Batch processing mode
      Config dir: /etc/snort
      Config file: /etc/snort/barnyard.conf
      Sid-msg file: /etc/snort/sid-msg.map
      Gen-msg file: /etc/snort/gen-msg.map
      Class file: /etc/snort/classification.config
      Hostname: latex.internal.compu-share.com
      Interface:
      BPF Filter:
      Log dir: /var/log/snort
      Verbosity: 39
      Localtime: 0
      File list: /var/log/snort/snort.unified.log.1101245338
    Processing: /var/log/snort/snort.unified.log.1101245338
    OpAcidDB configured
      Database Flavour: tds
      Detail Level: Full
      Database Server: ntserver3
      Database User: sensor
    Msg 5701, Level 0, State 2 Server 'NTSERVER3', Changed database context to 'Logs'.
    Msg 5703, Level 0, State 1 Server 'NTSERVER3', Changed language setting to us_english.
    Msg 5701, Level 0, State 1 Server 'NTSERVER3', Line 1 Changed database context to 'Logs'.
    Msg 208, Level 16, State 1 Server 'NTSERVER3', Line 1 Invalid object name 'event'.
    Msg 5, Level -1, State 20018
    Segmentation fault
    latex:/var/log/snort#
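The sqsh check in the message above connects with `-U logger`, while barnyard.conf connects as `user sensor`. The T-SQL batches below are an added example, not part of the original post, meant to be run through sqsh while logged in as the `sensor` account to see whether an unqualified `event` resolves for it. The `dbo` owner in the last batch is an assumption.

```sql
-- Added example (not from the original post). Run against database Logs on
-- ntserver3 while authenticated as the account barnyard.conf uses (sensor).

-- 1. Confirm which login, database user and database the session resolved to.
SELECT SUSER_SNAME() AS login_name,
       USER_NAME()   AS db_user,
       DB_NAME()     AS current_db;
go

-- 2. List every table named 'event' visible to this account, with its owner.
--    INFORMATION_SCHEMA views return only objects the caller has some
--    permission on, so zero rows means this account cannot see the table.
SELECT TABLE_CATALOG, TABLE_SCHEMA, TABLE_NAME
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_NAME = 'event';
go

-- 3. Show which privileges have been granted on it, and to whom.
SELECT GRANTEE, TABLE_SCHEMA, PRIVILEGE_TYPE
FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE TABLE_NAME = 'event';
go

-- 4. The unqualified reference, the form that produced Msg 208 in the log.
SELECT COUNT(*) AS rows_unqualified FROM event;
go

-- 5. The owner-qualified reference. 'dbo' is an assumed owner; substitute
--    the TABLE_SCHEMA value returned by batch 2.
SELECT COUNT(*) AS rows_qualified FROM dbo.event;
go
```

If batch 4 fails with Msg 208 while batch 5 succeeds, the table is owned by a different user than the one the session runs as, and unqualified name resolution is what differs between the two accounts.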