Snort+PostgreSQL won't work?
I tried to play a little bit with snort and postgres, but i can't get them to
work. I installed snort-pgsql and created the tables as described in the little
howto: http://www.kellys.net/snort/.
After a restart of the snort system, it fails to output the data to the
database:
Oct 29 16:01:47 gecko postgres[9110]: [1] DEBUG: connection: host=127.0.0.1 user=XXX database=snort_log
Oct 29 16:01:47 gecko postgres[9110]: [2] ERROR: ExecAppend: Fail to add null value in not null attribute last_cid
Oct 29 16:01:47 gecko snort: database: postgresql_error: ERROR: ExecAppend: Fail to add null value in not null attribute last_cid
Oct 29 16:01:47 gecko snort: database: Problem obtaining SENSOR ID (sid) from snort_log->sensor
Oct 29 16:01:47 gecko snort: FATAL ERROR: When this plugin starts, a SELECT query is run to find the sensor id for the currently running sensor. If the sensor id is not found, the plugin will run an INSERT query to insert the proper data and generate a new sensor id. Then a SELECT query is run to get the newly allocated sensor id. If that fails then this error message is generated. Some possible causes for this error are: * the user does not have proper INSERT or SELECT privileges * the sensor table does not exist If you are _absolutely_ certain that you have the proper privileges set and that your database structure is built properly please let me know if you continue to get this error. You can contact me at (roman@danyliw.com).
Oct 29 16:01:47 gecko postgres[9110]: [3] DEBUG: pq_recvbuf: unexpected EOF on client connection
I looked a bit around in the net and found a message about a bug in the
postgresDB.
http://www.geocrawler.com/lists/3/SourceForge/4890/50/9885565/
Maybe anyone is using the latest debian snort with postgres? The fix displayed
in the mail, won't work and i don't want to recompile the hole database.
Thanks for comments...
Roman
--
www: http://www.romanofski.de
email: romanjoost@gmx.de
Reply to: