Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort with Oracle in Windows

From: Ke Lu <myoldtrafford () gmail com>
Date: Tue, 11 Aug 2009 11:37:57 +0800
Hi, anyone has succeeded in using Oracle as snort output plugin? I used
Mssql as snort output plugin successfully. But when i try to use Oracle, it
failed.

My software version and install enviroment are as follows:

Software:
    Snort_2_8_0_1
    Oracle10g
OS:
    Window Server 2003

note: i installed Oracle client and Snort on the same server, and i want to
log data to remote server which installed Oracle.

snort config file:
    output database: log, Oracle, host=202.117.54.251 port=1521 dbname=net
user=klu password=abc sensor_name=svctag-9d8bk2x detail=Fast

tnsnames.ora file:
    # tnsnames.ora Network Configuration File:
e:\Ora10StandardClient\NETWORK\ADMIN\tnsnames.ora
    # Generated by Oracle configuration tools.

    NET =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = 202.117.54.251)(PORT = 1521))
        )
        (CONNECT_DATA =
          (SERVICE_NAME = net)
        )
      )

i can connect Oracle with sql*plus, but when i run Snort, it failed to
connect Oracle with following messages:

database: compiled support for ( odbc oracle )
database: configured to use Oracle
database:          host = 202.117.54.251
database:          port = 1521
database: database name = net
database:          user = klu
database: password is set
database:   sensor name = svctag-9d8bk2x
database: detail level  = Fast
database : ORACLE_HOME environment variable not set
database: hostname not required for Oracle, use dbname
database: dbname must be in tnsnames.ora
database: Oracle_error:
ERROR: database: OCIInitialize : Connection to database 'net' failed
Fatal Error, Quitting..

Question 1:
    anyone can tell me where to set ORACLE_HOME environment in snort?
Question 2:
    What does "hostname not required for Oracle, use dbname" and "dbname
must be in tnsnames.ora" mean ?

Thank you in advanced!
-- 
Lu Ke

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: