I tried to play a little bit with snort and postgres, but i can't get them to work. I installed snort-pgsql and created the tables as described in the little howto: http://www.kellys.net/snort/.
After a restart of the snort system, it fails to output the data to the database: Oct 29 16:01:47 gecko postgres[9110]: [1] DEBUG: connection: host=127.0.0.1 user=XXX database=snort_log Oct 29 16:01:47 gecko postgres[9110]: [2] ERROR: ExecAppend: Fail to add null value in not null attribute last_cid Oct 29 16:01:47 gecko snort: database: postgresql_error: ERROR: ExecAppend: Fail to add null value in not null attribute last_cid Oct 29 16:01:47 gecko snort: database: Problem obtaining SENSOR ID (sid) from snort_log->sensor Oct 29 16:01:47 gecko snort: FATAL ERROR: When this plugin starts, a SELECT query is run to find the sensor id for the currently running sensor. If the sensor id is not found, the plugin will run an INSERT query to insert the proper data and generate a new sensor id. Then a SELECT query is run to get the newly allocated sensor id. If that fails then this error message is generated. Some possible causes for this error are: * the user does not have proper INSERT or SELECT privileges * the sensor table does not exist If you are _absolutely_ certain that you have the proper privileges set and that your database structure is built properly please let me know if you continue to get this error. You can contact me at ([EMAIL PROTECTED]). Oct 29 16:01:47 gecko postgres[9110]: [3] DEBUG: pq_recvbuf: unexpected EOF on client connection I looked a bit around in the net and found a message about a bug in the postgresDB. http://www.geocrawler.com/lists/3/SourceForge/4890/50/9885565/ Maybe anyone is using the latest debian snort with postgres? The fix displayed in the mail, won't work and i don't want to recompile the hole database. Thanks for comments... Roman -- www: http://www.romanofski.de email: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
