Snort mailing list archives
Snort 1.9 --with-postgresql
From: Demetri Mouratis <dmourati () cm math uiuc edu>
Date: Fri, 17 Jan 2003 14:20:39 -0600 (CST)
Anyone out here having any success with Snort 1.9 comiled with support for postgres logging? I was running fine on a 1.86 snort install but decided to upgrade today and am running into a few problems. 1. snort-1.9.0.tar.gz source, compiles file but hangs at runtime trying to log to postgres. This issue was experienced by at least a few folks according to the archives: http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=snort+1.9+postgres+problem&q=b
From syslog onmy snort box:
Jan 17 12:47:06 netmonitor01 snort: database: postgresql_error: ERROR: ExecAppend: Fail to add null value in not null attribute last_cid Jan 17 12:47:06 netmonitor01 snort: database: Problem obtaining SENSOR ID (sid) from snort->sensor Jan 17 12:47:06 netmonitor01 snort: FATAL ERROR: When this plugin starts, a SELECT query is run to find the sensor id for the currently running sensor. If the sensor id is not found, the plugin will run an INSERT query to insert the proper data and generate a new sensor id. Then a SELECT query is run to get the newly allocated sensor id. If that fails then this error message is generated. Some possible causes for this error are: * the user does not have proper INSERT or SELECT privileges * the sensor table does not exist If you are _absolutely_ certain that you have the proper privileges set and that your database structure is built properly please let me know if you continue to get this error. You can contact me at (roman () danyliw com). Database privileges are not the issue: snort=# insert into sensor (hostname,last_cid) values('dummyhost',9999); INSERT 1549192 1 snort=# select * from sensor; sid | hostname | interface | filter | detail | encoding | last_cid -----+-----------+-----------+--------+--------+----------+---------- 10 | dummyhost | | | | | 9999 (1 row) The only solution given in the archives was to go the the latest CVS. 2. snort-stable.tar.gz source, wont compile. It hangs on sprintf.c: gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap -I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors -DENABLE_POSTGRESQL -g -O2 -Wall -c `test -f 'snprintf.c' || echo './'`snprintf.c snprintf.c: In function `sm_dopr': snprintf.c:153: conflicting types for `sys_errlist' /usr/include/stdio.h:554: previous declaration of `sys_errlist' make[3]: *** [snprintf.o] Error 1 make[3]: Leaving directory `/opt/snort-stable/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/opt/snort-stable/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/opt/snort-stable' make: *** [all] Error 2 Any pointers on getting either the stock 1.9 or the CVS snort-stable to compile and run correctly greatly appreciated. Thanks. --------------------------------------------------------------------- Demetri Mouratis dmourati () linfactory com ------------------------------------------------------- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 1.9 --with-postgresql Demetri Mouratis (Jan 17)
- <Possible follow-ups>
- Snort 1.9 --with-postgresql Michael J. McCasland (Jan 18)