Package: snort-mysql
Version: 2.7.0-20.4
Severity: normal
Everything work okay before the upgrade to lenny.
The output database plugin is
configured. If snort is started on the command
line, not as a daemon and with /etc/snort/snort.conf as the config file, then
the console messages indicate that the database plugin is invoked. However if
starting from /etc/init.d/snort startup file, then there is no indication of
the database plugin being seen, regardless of its daemon status. The is no
indication that the connect has failed because of credentials or privileges.
One interesting but possibly irrelevant item is if I go into mysql (on the db
server), then the describe table for snort.schema gives an error, e.g.
mysql> use snort;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+------------------+
| Tables_in_snort |
+------------------+
| acid_ag |
| acid_ag_alert |
| acid_event |
| acid_ip_cache |
| base_roles |
| base_users |
| data |
| detail |
| encoding |
| event |
| icmphdr |
| iphdr |
| opt |
| reference |
| reference_system |
| schema |
| sensor |
| sig_class |
| sig_reference |
| signature |
| tcphdr |
| udphdr |
+------------------+
22 rows in set (0.00 sec)
mysql> describe schema;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use near
'schema' at line 1
mysql> describe sensor;
+-----------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------+------------------+------+-----+---------+----------------+
| sid | int(10) unsigned | NO | PRI | NULL | auto_increment |
| hostname | text | YES | | NULL | |
| interface | text | YES | | NULL | |
| filter | text | YES | | NULL | |
| detail | tinyint(4) | YES | | NULL | |
| encoding | tinyint(4) | YES | | NULL | |
| last_cid | int(10) unsigned | NO | | 0 | |
+-----------+------------------+------+-----+---------+----------------+
7 rows in set (0.00 sec)
mysql> show table status like 'schema';
+--------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+---------------------+---------------------+-------------------+----------+----------------+---------+
| Name | Engine | Version | Row_format | Rows | Avg_row_length | Data_length
| Max_data_length | Index_length | Data_free | Auto_increment | Create_time
| Update_time | Check_time | Collation | Checksum |
Create_options | Comment |
+--------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+---------------------+---------------------+-------------------+----------+----------------+---------+
| schema | MyISAM | 9 | Fixed | 1 | 13 | 13
| 55834574847 | 2048 | 0 | NULL | 2007-01-15
20:09:13 | 2009-03-21 14:39:26 | 2009-05-01 09:54:28 | latin1_swedish_ci |
NULL | | |
+--------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+---------------------+---------------------+-------------------+----------+----------------+---------+
1 row in set (0.01 sec)
mysql> quit
The mysql server version(s) are:
ii libdbd-mysql-pe 4.007-1 A Perl5 database interface to the MySQL
data
ii libmysqlclient1 3.23.56-3 LGPL-licensed client library for MySQL
datab
ii libmysqlclient1 4.0.24-10sarge2 mysql database client library
ii libmysqlclient1 4.1.11a-4sarge7 mysql database client library
ii libmysqlclient1 5.0.51a-24+lenn MySQL database client library
ii mysql-client-5. 5.0.51a-24+lenn MySQL database client binaries
ii mysql-common 5.0.51a-24+lenn MySQL database common files
ii mysql-server-5. 5.0.51a-24+lenn MySQL database server binaries
ii php5-mysql 5.2.6.dfsg.1-1+ MySQL module for php5
ii postfix-mysql 2.5.5-1.1 MySQL map support for Postfix
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages snort-mysql depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr
ii libgnutls26 2.4.2-6+lenny1 the GNU TLS library - runtime libr
ii libgpg-error0 1.4-2 library for common error values an
ii libltdl3 1.5.26-4 A system independent dlopen wrappe
ii libmysqlclient15off 5.0.51a-24+lenny1 MySQL database client library
ii libpcap0.8 0.9.8-5 system interface for user-level pa
ii libpcre3 7.6-2.1 Perl 5 Compatible Regular Expressi
ii libprelude2 0.9.18.1-1 Hybrid Intrusion Detection System
ii libtasn1-3 1.4-1 Manage ASN.1 structures (runtime)
ii logrotate 3.7.1-5 Log rotation utility
ii snort-common 2.7.0-20.4 flexible Network Intrusion Detecti
ii snort-common-libraries 2.7.0-20.4 flexible Network Intrusion Detecti
ii snort-rules-default 2.7.0-20.4 flexible Network Intrusion Detecti
ii sysklogd [system-log-d 1.5-5 System Logging Daemon
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages snort-mysql recommends:
ii iproute 20080725-2 networking and traffic control too
Versions of packages snort-mysql suggests:
pn snort-doc <none> (no description available)
-- debconf information:
* snort-mysql/address_range: 192.168.2.0/24
* snort-mysql/reverse_order: false
* snort-mysql/db_database: snort
snort-mysql/please_restart_manually:
snort-mysql/config_error:
* snort-mysql/options:
* snort-mysql/configure_db: true
* snort-mysql/startup: boot
* snort-mysql/send_stats: false
snort-mysql/stats_treshold: 1
snort-mysql/invalid_interface:
* snort-mysql/interface: eth0 eth1
* snort-mysql/needs_db_config:
snort-mysql/stats_rcpt: root
* snort-mysql/db_user: snort
* snort-mysql/disable_promiscuous: false
snort-mysql/config_parameters:
* snort-mysql/db_host: 192.168.2.7
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
