This is a discussion on Re: [Snort-users] Compiling with mysql & mssql support within the Snort forums, part of the System Security and Security Related category.
mysql and mssql are different. If you are going to be connecting to a mssql database from *nix use odbc....

http://www.snort.org/docs/snortdb/snortdb_install.html

Regards,

Will

On 5/1/07, David.Ryan@quintiles.com <David.Ryan@quintiles.com> wrote:
> All,
>
> I tried compiling with '--with-mssql' and it didn't complain, or at least not that I saw. When I tried to compile previously without the relevant mysql-devel bits it complained loudly, so I expected it to do the same if there was something missing from the mssql environment.
>
> However, when I went to run snort it complained that this version wasn't compiled with mssql support. It then suggested adding the switch (which I already did) or adding the database path, but in this instance the database is held elsewhere so I don't think the path concept would apply. Error message follows -
>
> May 1 23:13:34 localhost snort[23378]: Daemon initialized, signaled parent pid: 23377
> May 1 23:13:34 localhost snort[23378]: database: 'mssql' support is not compiled into this build of snort
> May 1 23:13:34 localhost snort[23378]: FATAL ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm, or Windows), then check for alternate builds that contains the necessary 'mssql' support. If this build of snort was compiled by you, then re-run the the ./configure script using the '--with-mssql' switch. For non-standard installations of a database, the '--with-mssql=DIR' syntax may need to be used to specify the base directory of the DB install. See the database documentation for cursory details (doc/README.database). and the URL to the most recent database plugin documentation.
>
> I read through README.database as suggested in the error message but I didn't see anything that helped in this case.
>
> Does anyone know of any step-by-step stuff for getting snort and mssql working? I know I should be getting snort to write unified output to barnyard and not directly to the database, but
> 1) this is a proof of concept environment at the moment - I just want to get it working first and *then* optimise it
> 2) from what I have found to date barnyard doesn't have a plugin for mssql
>
> Thanks for any suggestions.
>
> David
> =================================
> David Ryan
> IT Security Engineer, Global IT Security
> Quintiles, Global IT - Infrastructure, QDUB
> =================================