Hello,
I know this topic has been posted a bunch and I think I have read all the posts, but I am still stuck getting snort to log to mysql. The error I receive is one of not having the table created on my SNORT db.
Code:
database: mysql_error: Table 'SNORT.sensor' doesn't exist
database: mysql_error: Table 'SNORT.sensor' doesn't exist
SQL=INSERT INTO sensor (hostname, interface, detail, encoding, last_cid) VALUES ('192.168.1.1','xl0','1','0', '0')
database: mysql_error: Table 'SNORT.sensor' doesn't exist
database: Problem obtaining SENSOR ID (sid) from SNORT->sensor
ERROR:
When this plugin starts, a SELECT query is run to find the sensor id for the
currently running sensor. If the sensor id is not found, the plugin will run
an INSERT query to insert the proper data and generate a new sensor id. Then a
SELECT query is run to get the newly allocated sensor id. If that fails then
this error message is generated.
Some possible causes for this error are:
* the user does not have proper INSERT or SELECT privileges
* the sensor table does not exist
I have not created any tables, so I know that's why I receive the error. I have been following this tut:
http://www.bsdguides.org/guides/free...nortreport.php
That is using snortreport, but I just kinda skip over that stuff. I was just more interested in the mysql part, as well as reading a bunch of others.
I have created the user snort and given him insert, select, update, delete privileges on the SNORT db I created... however, I have not created a table on the db, so I guess that's where I am at right now.
On the link I posted above there was a section from the tut that looked like it was creating the table:
Code:
cd /usr/ports/security/snort/work/snort-*/contrib
mysql -u root -p -D snort < create_mysql
However that path is not valid in my ports collection.
So I am sorry to beat a dead horse on the snort sql subject, but any help is greatly appreciated.
Many thanks in advance.
mysql -V
mysql Ver 14.7 Distrib 4.1.14, for portbld-freebsd5.4 (i386) using 4.3
snort -V
,,_ -*> Snort! <*-
o" )~ Version 2.4.3 (Build 26) FreeBSD
'''' By Martin Roesch & The Snort Team:
http://www.snort.org/team.html
(C) Copyright 1998-2005 Sourcefire Inc., et al.
NOTE: Snort's default output has changed in version 2.4.1!
The default logging mode is now PCAP, use "-K ascii" to activate
the old default logging mode.
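
The startup sequence described in the error text above (SELECT for the sensor id, INSERT if absent, SELECT again), as an added example that is not part of the original post and not Snort's own code. It uses Python's sqlite3 as a stand-in for MySQL; the table definition, the lookup key and the function names are assumptions built from the INSERT statement shown in the error output, not the contents of create_mysql.

```python
import sqlite3

# Stand-in sensor table: columns come from the INSERT in the error output;
# the auto-increment sid key is an assumption of this sketch.
SENSOR_DDL = """CREATE TABLE sensor (
    sid INTEGER PRIMARY KEY AUTOINCREMENT,
    hostname TEXT, interface TEXT,
    detail INTEGER, encoding INTEGER, last_cid INTEGER NOT NULL)"""
SELECT_SID = ("SELECT sid FROM sensor WHERE hostname = ? AND interface = ? "
              "AND detail = ? AND encoding = ?")
INSERT_SENSOR = ("INSERT INTO sensor (hostname, interface, detail, encoding, "
                 "last_cid) VALUES (?, ?, ?, ?, 0)")


class SensorIdError(Exception):
    """Raised when no sensor id can be obtained; the message is the likely cause."""


def get_sensor_id(conn, hostname, interface, detail=1, encoding=0):
    """SELECT the sid; if absent, INSERT the sensor row and SELECT again."""
    key = (hostname, interface, detail, encoding)
    try:
        row = conn.execute(SELECT_SID, key).fetchone()
        if row is None:
            conn.execute(INSERT_SENSOR, key)  # parameterized, never string-built
            conn.commit()
            row = conn.execute(SELECT_SID, key).fetchone()
    except sqlite3.OperationalError as exc:
        # SQLite reports a missing table as "no such table: sensor".
        missing = "no such table" in str(exc)
        raise SensorIdError("sensor table does not exist" if missing else str(exc)) from exc
    if row is None:
        raise SensorIdError("row not readable after INSERT (check privileges)")
    return row[0]


def demo():
    conn = sqlite3.connect(":memory:")  # empty database, no schema loaded yet
    try:
        get_sensor_id(conn, "192.168.1.1", "xl0")
        before = None
    except SensorIdError as exc:
        before = str(exc)
    conn.execute(SENSOR_DDL)  # schema now present
    first = get_sensor_id(conn, "192.168.1.1", "xl0")
    second = get_sensor_id(conn, "192.168.1.1", "xl0")  # existing row is reused
    return before, first, second

if __name__ == "__main__":
    print(demo())
```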