Snort mailing list archives
RE: Problems starting Snort 1.9.0 on RH 8.0
From: "Scott, Joshua" <Joshua.Scott () Jacobs com>
Date: Mon, 4 Nov 2002 13:36:38 -0800
Did you make sure that the table structure exists properly and that the created user has the necessary permissions? Joshua Scott Security Systems Analyst, CISSP 626-568-7024 -----Original Message----- From: Sawall, Christopher L [mailto:CSawall () ameren com] Sent: Monday, November 04, 2002 1:02 PM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Problems starting Snort 1.9.0 on RH 8.0 I am having trouble getting Snort to start. Any help would be greatly appreciated. Config: RedHat 8.0 Snort 1.9.0 MySQL 3.23.53a I created a user with all the rights to try and make sure that it would work: mysql -u root -p{password} snort mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost; I checked the database and made sure that the "sensor" table exists. I try to start Snort: /etc/snort# snort -d -c ./snort.conf The following is the error I am receiving: Initializing Output Plugins! Log directory = /var/log/snort Initializing Network Interface eth0 --== Initializing Snort ==-- Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file ./snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... No arguments to frag2 directive, setting defaults to: Fragment timeout: 60 seconds Fragment memory cap: 4194304 bytes Fragment min_ttl: 0 Fragment ttl_limit: 5 Fragment Problems: 0 Stream4 config: Stateful inspection: ACTIVE Session statistics: INACTIVE Session timeout: 30 seconds Session memory cap: 8388608 bytes State alerts: INACTIVE Evasion alerts: INACTIVE Scan alerts: ACTIVE Log Flushed Streams: INACTIVE MinTTL: 1 TTL Limit: 5 Async Link: 0 No arguments to stream4_reassemble, setting defaults: Reassemble client: ACTIVE Reassemble server: INACTIVE Reassemble ports: 21 23 25 53 80 143 110 111 513 Reassembly alerts: ACTIVE Reassembly method: FAVOR_OLD http_decode arguments: Unicode decoding IIS alternate Unicode decoding IIS double encoding vuln Flip backslash to slash Include additional whitespace separators Ports to decode http on: 80 rpc_decode arguments: Ports to decode RPC on: 111 32771 telnet_decode arguments: Ports to decode telnet on: 21 23 25 119 Conversation Config: KeepStats: 0 Conv Count: 32000 Timeout : 60 Alert Odd?: 0 Allowed IP Protocols: All Portscan2 config: log: /var/log/snort/scan.log scanners_max: 3200 targets_max: 5000 target_limit: 5 port_limit: 20 timeout: 60 database: compiled support for ( mysql ) database: configured to use mysql database: user = snort database: password is set database: database name = snort database: host = localhost database: sensor name = 10.70.2.252 database: mysql_error: Duplicate entry '0' for key 1 SQL=INSERT INTO sensor (hostname, interface, detail, encoding, last_cid) VALUES ('10.70.2.252','eth0','1','0', '0') database: Problem obtaining SENSOR ID (sid) from snort->sensor When this plugin starts, a SELECT query is run to find the sensor id for the currently running sensor. If the sensor id is not found, the plugin will run an INSERT query to insert the proper data and generate a new sensor id. Then a SELECT query is run to get the newly allocated sensor id. If that fails then this error message is generated. Some possible causes for this error are: * the user does not have proper INSERT or SELECT privileges * the sensor table does not exist If you are _absolutely_ certain that you have the proper privileges set and that your database structure is built properly please let me know if you continue to get this error. You can contact me at (roman () danyliw com). Fatal Error, Quitting.. Thanks, Chris ====================================================================================== NOTICE - This communication may contain confidential and privileged information that is for the sole use of the intended recipient. Any viewing, copying or distribution of, or reliance on this message by unintended recipients is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. ==============================================================================
Current thread:
- Problems starting Snort 1.9.0 on RH 8.0 Sawall, Christopher L (Nov 04)
- Re: Problems starting Snort 1.9.0 on RH 8.0 Eli Stair (Nov 04)
- <Possible follow-ups>
- RE: Problems starting Snort 1.9.0 on RH 8.0 Scott, Joshua (Nov 04)
- RE: Problems starting Snort 1.9.0 on RH 8.0 Sawall, Christopher L (Nov 05)