Snort mailing list archives
RE: Snort - ACID - MySQL - My Head Ache
From: "Michael Steele" <michaels () silicondefense com>
Date: Mon, 24 Mar 2003 06:55:03 -0800
Carlos,

What error message are you receiving in your Event logs? Did the error occur in the System or Application log?

Why are you doing anything with LibnetNT.dll? This library is not required in the configuration you described, unless you selected to use FlexRESP on the way in, and if that is the case, then reset snort without FlexRESP and try that.

-Michael

Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of carlos () xiata com
Sent: Friday, March 21, 2003 12:49 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort - ACID - MySQL - My Head Ache

Hi folks -

I am hoping for some insight here. I have a system that is running Snort, MySQL, ACID, IIS, ADODB. I followed the instructions as posted on the silicondefense.com site (short of using MySQL 4 Gamma) but my Snort service keeps on dying on me. If I run snort logging to a directory as opposed to logging to the MySQL DB all appears to be hunky-dory. If I start logging to the MySQL DB it runs for a while but after a few logged alerts (sometimes no logged alerts) it just up & dies. I have not been able to make any sense of it as of yet.

Here is the info on the system:

Windows XP Pro SP1 & All Updates taken care of.
ADODB 3.30 (was using 3.10 before but no dice)
PHP 4.3.x
mysql-3.23.55
acid-0.9.6b24
WinPcap 3.0 beta. (before I was running the 2.3 version but still no dice).

When the service dies I get the following Windows Error Report:

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
  <EXE NAME="snort.exe" FILTER="GRABMI_FILTER_PRIVACY">
    <MATCHING_FILE NAME="LibnetNT.dll" SIZE="68161" CHECKSUM="0x4194F423"
        MODULE_TYPE="WIN32" PE_CHECKSUM="0x1A1D9" LINKER_VERSION="0x10000"
        LINK_DATE="02/03/2003 12:31:42" UPTO_LINK_DATE="02/03/2003 12:31:42" />
    <MATCHING_FILE NAME="snort.exe" SIZE="462848" CHECKSUM="0xBC282371"
        MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0"
        LINK_DATE="03/04/2003 16:36:08" UPTO_LINK_DATE="03/04/2003 16:36:08" />
  </EXE>
  <EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="kernel32.dll" SIZE="930304" CHECKSUM="0xCBCCF8A9"
        BIN_FILE_VERSION="5.1.2600.1106" BIN_PRODUCT_VERSION="5.1.2600.1106"
        PRODUCT_VERSION="5.1.2600.1106"
        FILE_DESCRIPTION="Windows NT BASE API Client DLL"
        COMPANY_NAME="Microsoft Corporation"
        PRODUCT_NAME="Microsoft® Windows® Operating System"
        FILE_VERSION="5.1.2600.1106 (xpsp1.020828-1920)"
        ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32"
        LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved."
        VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004"
        VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xE7ED3"
        LINKER_VERSION="0x50001"
        UPTO_BIN_FILE_VERSION="5.1.2600.1106"
        UPTO_BIN_PRODUCT_VERSION="5.1.2600.1106"
        LINK_DATE="08/29/2002 10:40:40" UPTO_LINK_DATE="08/29/2002 10:40:40"
        VER_LANGUAGE="English (United States) [0x409]" />
  </EXE>
</DATABASE>

So I updated LibnetNT.dll to the latest version as well (different than the version that Snort comes packed with). But that got me nowhere either.

Can anyone shed some light onto this?

Carlos

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users