From: "Corey Snow"
To: freeBSD-Questions
Date: Sat, 13 Jul 2002 00:45:18 -0700
Subject: Snort and unixODBC
Message-ID: <3D2F781E.20803.C5A6213@localhost>

Hey all-

I've got a problem getting a Snort system up and running. I want to have Snort on my IDS log via the database output plugin to MSSQL server 2000. I've set up unixODBC, FreeTDS and Snort with the appropriate flags (at least I think I have). isql lets me connect to my Snort database on the SQL server just fine and execute queries.

The problem occurs when I start Snort- first it attempts to locate the sensor ID by executing a query for it, which returns a rowcount of 0. Then it runs an INSERT, which succeeds- the sql.log shows this. Next it tries to run the SELECT again looking for the sensor ID, but fails. /tmp/sql.log indicates a SQL_ERROR occurred at SQLExecute.c line 328, but that's just the line that saves the logging data. What's really irritating is that I can execute the exact same query via isql with no problems.

Has anyone seen this behavior before? Google turned up a few hits on this issue, but only one person with a similar configuration and his question was never answered. I've been browsing the sources for a few hours now and while I'm much more familiar with the inner workings of FreeTDS and unixODBC, I'm no closer to an answer.

Thanks,

Corey Snow