I'm using snort in win7.
We know that using snort in its sniffer mode we can log a lot packets
into a file, and now I want to log them to a mysql server. I enabled
the database output plugin in the snort.conf and customed a rule:
log ip any any <> any any (sid:2000000;)
as a test.
Everything is OK and I used a PC whose ip is 172.18.186.186 to ping another 172.18.186.189. What I hope to get is 8 records, among which there would be 4 records and their ip_srces are 172.18.186.186. However I just got 4 records and their ip_dsts are 172.18.186.186 while the ip_srces are 172.18.186.189.
OK,that's my problem. How can I get the 8 records I want to see? Is it possible?
Thanks in advance.
yes, you can check out snorby. and lot of implementation there are for connecting snort to a database, such as mysql or mongodb etc.
This article explaing you how u can log to mysql.
Please look at the output plugin unified2, because direct SQL output is deprecated in the snort tree 2.9.2 and will be removed at some point.
Barnyard2 is a binary capable of reading unified2 output and writing that data to a SQL, syslog, or other datasource.
FYI: Snorby is just a Ruby On Rails web app for a database schema for the ACID/BASE standard.
Related
I'm writing a new project that utilises MySQL , There is no problem with the app I'm working on, but when the app recives the output from my sql server it immediately rejects it as null. When accessing my SQL server on port 3306 I am getting strange garbled messages back as well as the short message 'packets out of order.' In my setup I have, MAMP, Docker, Apache server and PHP. I can access each service on its respective port just fine.
1) I have looked into this by running console in the browser which reports the text being incorrectly formatted to something that isn't utf-8
2) I have followed this guide
https://medium.com/#manish_demblani/breaking-out-from-the-mysql-character-set-hell-24c6a306e1e5 and the results that my sql server have churned out are as follows
enter image description here
My question is this. Why is MySQL set up in this strange fashion? Why is it presenting in CP850 /DOS/ Latin? Are there no defaults/config files to change or is it done through windows somewhere
It seems you somehow messed up the client configuration (connection string, [client]-section of your cnf file (on the system that you started the mysql console on), ...). It tells your server to send data in cp850. Not sure why you would get packets out of order, maybe you have an additional underlying problem (very old library maybe?), but I'd start there. It's unclear: did you follow the blog post and then had problems, or was that a solution attempt? In any case, try to focus your attention on the client. Try to undo changes you made. MySQL uses utf8 by default for a long time now. – Solarflare
Prior this problem I had another issue related to the same subject. The problem has been sorted thanks ta #ndm.
Link the previous problem: Cakephp 3. Windows and Linux OS returning different result when querying the database
I have an article page and I am retrieving the associated data with articles. Article comments.
I have the following line of code
$this->Articles->find()->contain('ArticleComments');
This line of code on both local Windows 10 machine and production Debian server retrieves all articles including their comment. find a link to a screenshot of the returned result using Cakephp debugging function pr($object)
Screenshot of the returned result: http://s29.postimg.org/f76brygw6/cakephp.jpg
Now the only problem I have, which occurs only on the production Debian server is that despite the aforementioned line of code is returning articles and article comments I cannot use this object. For an instance if I try the following code:
$this->Articles->find()->contain('ArticleComments')->toArray();
Or
$this->set('articles', $this->Articles->find()->contain('ArticleComments'));
I get this error:
Cannot convert value to integer
InvalidArgumentException
And the following error in tmp/error.log: http://s14.postimg.org/4e88qp6j4/cakephp_error.jpg
Again, this error occurs only on my Debian server and if I retrieve just articles by the following code it works fine.
$this->Articles->find()
What I have done to fix this issue:
Triple checked (twice) table and classes names. 100% sure the issue is not file naming one.
checked both machines PHP and Cakephp version. My Debian server runs PHP 5.6.15-1~dotdeb+zts+7.1 (cli) and My Windows 10 runs PHP 5.6.8 (cli). Cakephp versions are the same. Cakephp 3.1.4
The problem is, probably, the way you are loading the associations. You are required to tell Cake in what plugin your table class lives. Instead of doing this:
$this->hasMany('ArticleComments')
You need this:
$this->hasMany('Comments.ArticleComments')
Problem solved!
The issue was not coming from Linux nor CakePHP.
On my local machine which happens to be Windows OS I am running MySQL version 5.6.24 and on my live server, which runs Linux debian I have MySQL 5.5.46.
I had database columns "datetime" which is supported in 5.6 but was causing a problem in version 5.5.
I simply changed the column type to "timestamp" and the issue was resolved.
Both environments are running different OS's and an enormous amount of time was spent to ensure the issue is not Windows to Linux problem(i.e. filename case sensitivity). CakePHP misleading error messages has delay me to resolve the problem also.
I am glad after more than a month the problem is fixed :D
I'm trying to host a cakephp2 application on an old managed server that has pdo_mysql disabled. Politics dictates that I'm unable to rectify this problem, so I'm looking for connection alternatives.
cakephp is producing the following error:
"A Database connection using "Mysql" was missing or unable to connect.
The database server returned this error: Selected driver is not enabled"
Is there a way to connect to the database using the older mysql database extension?
There's no easy way to do it.
If you want to, you could write your own DboSource class, you could reuse the the existing one and use the old-deprecated mysql database extension. (Or if you're lucky you could find one on the internet, but i doubt it)
Then you'll only need to change the DboSource in your settings to use your own class
Hope this helps
The yii requirements page says PDO extension + the mysql driver works, phpinfo() says that PDO and the MySQL driver is installed, I have configured the 'db' component in the main config file for my project generated with yiic webapp, checked and double checked that the settings are correct (and yes, I am using mysql).
I have made a new migration script in /[mywebapp]/protected/migrations and now I'm trying to run the ./protected/yiic migrate command, but i just get an exception:
exception 'CDbException' with message 'CDbConnection failed to open the DB connection: could not find driver'
I have no idea what is wrong. I have been googling for 2 hours now and i find a lot of other users experiencing the same problems, but usually they are missing the drivers or something obvious. Is there anything i'm completely overlooking?
Despite the real answer being in the comments for this question, I am answering it here so that it appears as an answer. Yiic.php migrate uses the configuration stored in console.php. You need to set your database connection in there to use yiic.
Actually I'm having more than one problem...but all of it has to do with connecting or working with the MySQL database...First you can see one of the errors on my website and no matter what you choose it seems to just say it can't connect to the database...I've configured a configure.php file to allow files to connect to the MySQL database...see the website here:
http://netsurfer123.byethost11.com/index.php
Then when I try to log-in to the Admin area of my MySQL database it just says:
phpMyAdmin - Error
Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly.
Please let me know what I can do to correct these errors...and thanks very much in advanced for any helpful response/s.
First you need to check if the MySQL server is actually running. Use a command such as
/etc/rc.d/init.d/mysqld status
Or similar for your system if possible.
Did you check the web server log file? Does it contain errors as indicated by phpMyAdmin?
Your site is simply unable to connect to the database to which it's trying to connect. This could be for any number of potential reasons:
Is the database running?
Is the database accessible by that machine? (Maybe there's a firewall in between the two servers, if they're separated?)
If the database is on that same machine, are you connecting to it properly? (Maybe it allows only certain connection methods, such as a socket vs. the loopback address?)
Is your connection string correct? Maybe the login is failing?
Check your PHP logs, your Apache logs, your MySQL logs. One of them is complaining about something and it's probably trying to tell you what.