Re: [Sguil-devel] Trying out sguil 0.6.1, some errors encountered
From: Jonathan G. <jon...@se...> - 2007-02-27 15:03:38
We have been using 0.5.0 for as long as I can remember. I'm just looking at upgrading to 0.6.1 now, didn't use 0.6.0 at all. We are using 5.0.18-log version of mysql. No fancy stuff with mysql.

Thanks

Jonathan

Bamm Visscher wrote:
> Are you doing anything odd w/MySQL? Was this working with 0.6.0?
>
> Bammkkkk
>
> On 2/27/07, Jonathan Gill <jon...@se...> wrote:
>
>> Hi Bamm
>>
>> Thanks for the reply
>>
>> Prior to running the sensor and server for the first time I had created
>> a fresh db. This error had occurred a few times. Each time I drop the
>> full db and run the create script again (the create_sguildb.sql file).
>> The error keeps happening.
>>
>> I dropped the tables you suggested (sancp was missing) and restarted sguild.
>>
>> This time, after a short while I see this in the syslog:
>>
>> Feb 27 14:43:05 sun1 SGUILD: Loading access list: /etc/sguild/sguild.access
>> Feb 27 14:43:05 sun1 SGUILD: Sensor access list set to ALLOW ANY.
>> Feb 27 14:43:05 sun1 SGUILD: Client access list set to ALLOW ANY.
>> Feb 27 14:43:05 sun1 SGUILD: Email Configuration:
>> Feb 27 14:43:05 sun1 SGUILD: Config file: /etc/sguild/sguild.email
>> Feb 27 14:43:05 sun1 SGUILD: Enabled: No
>> Feb 27 14:43:05 sun1 SGUILD: Connecting to master.db.securecirt.com on
>> 3306 as root
>> Feb 27 14:43:05 sun1 SGUILD: MySQL Version: version 5.0.18-log
>> Feb 27 14:43:05 sun1 SGUILD: SguilDB Version: 0.11
>> Feb 27 14:43:05 sun1 SGUILD: Creating event MERGE table.
>> Feb 27 14:43:05 sun1 SGUILD: Creating tcphdr MERGE table.
>> Feb 27 14:43:05 sun1 SGUILD: Creating udphdr MERGE table.
>> Feb 27 14:43:05 sun1 SGUILD: Creating icmphdr MERGE table.
>> Feb 27 14:43:05 sun1 SGUILD: Creating data MERGE table.
>> Feb 27 14:43:05 sun1 SGUILD: Loaderd Forked
>> Feb 27 14:43:05 sun1 SGUILD: Queryd Forked
>> Feb 27 14:43:05 sun1 SGUILD: Retrieving DB info...
>> Feb 27 14:43:05 sun1 SGUILD: SELECT hostname FROM sensor ORDER BY
>> hostname ASC
>> Feb 27 14:43:05 sun1 SGUILD: SELECT sid FROM sensor WHERE
>> hostname='securecirt-office'
>> Feb 27 14:43:05 sun1 SGUILD: SELECT ip FROM sensor WHERE
>> hostname='securecirt-office'
>> Feb 27 14:43:05 sun1 SGUILD: SELECT MAX(timestamp) FROM event WHERE sid=1
>> Feb 27 14:43:05 sun1 SGUILD: Unknown command received from sguild:
>>
>> and a few seconds after that this appears on the console I ran sguild from:
>>
>> mysqlsel/db server: Can't find file: 'event' (errno: 2)
>> while executing
>> "mysqlsel $MAIN_DB_SOCKETID $query -flatlist"
>> (procedure "FlatDBQuery" line 5)
>> invoked from within
>> "FlatDBQuery $tmpQuery"
>> ("foreach" body line 15)
>> invoked from within
>> "foreach sensorName $sensorList {
>>
>> set tmpQuery "SELECT sid FROM sensor WHERE hostname='$sensorName'"
>> LogMessage " $tmpQuery"
>> set sensorSi..."
>> (file "/usr/local/bin/sguild" line 526)
>>
>> Any more hints?
>>
>> Many thanks
>>
>> Jonathan
>>
>>
>> Bamm Visscher wrote:
>>
>>> It looks like your MERGE definition is corrupt. Stop sguild and then
>>> from a mysql prompt using sguildb do: DROP TABLES event, tcphdr,
>>> udphdr, icmphdr, data, sancp;
>>>
>>> You won't use any data. Start sguild back up and see if that corrects
>>> the problem.
>>>
>>> Bammkkkk
>>>
>>> On 2/27/07, Jonathan Gill <jon...@se...> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I'm trying out version 0.6.1 of sguil (seems to be the latest on the
>>>> site) but I'm running into some issues when using it.
>>>>
>>>> All is compiled and installed correctly (as far as I can see) following
>>>> the install docs, but when trying to show packet data within the client
>>>> (on Windows) I see the following errors on the console for sguild:
>>>>
>>>> Error: mysqlsel/db server: Can't find file: 'event' (errno: 2)
>>>> mysqlsel/db server: Can't find file: 'event' (errno: 2)
>>>> while executing
>>>> "mysqlsel $MAIN_DB_SOCKETID $query -flatlist"
>>>> (procedure "FlatDBQuery" line 5)
>>>> invoked from within
>>>> "FlatDBQuery $query"
>>>> (procedure "GetIPData" line 4)
>>>> invoked from within
>>>> "$clientCmd $socketID $index1 $index2 "
>>>> ("GetIPData" arm line 1)
>>>> invoked from within
>>>> "switch -exact $clientCmd {
>>>> DeleteEventID { $clientCmd $socketID $index1 $index2 }
>>>> DeleteEventIDList { $clientCmd $socketID $data1 }
>>>> ..."
>>>> (procedure "ClientCmdRcvd" line 30)
>>>> invoked from within
>>>> "ClientCmdRcvd sock14"
>>>> SGUILD: killing child procs...
>>>> SGUILD: Exiting...
>>>>
>>>> Note this was run with sguild configured to write to a brand new clean
>>>> database; it did create all the tables when the sensor first connected
>>>> (db is named sguildb06).
>>>>
>>>> When restarting sguild I see the following within the syslog messages:
>>>> Feb 27 09:52:40 sun1 SGUILD: MySQL Version: version 5.0.18-log
>>>> Feb 27 09:52:40 sun1 SGUILD: SguilDB Version: 0.11
>>>> Feb 27 09:52:40 sun1 SGUILD:
>>>> *************************************************************
>>>>
>>>> ERROR: You appear to be using an old version of the sguil database
>>>> schema that does not support the MERGE tables Please use the
>>>> migrate_event.tcl script and see the CHANGES document for more
>>>> information . Table event returned status => event {} {} {} {} {} {} {}
>>>> {} {} {} {} {} {} {} {} {} {Can't find file: 'event' (errno: 2)}
>>>> *************************************************************
>>>>
>>>> Any advice or hints from anyone?
>>>>
>>>> Thanks
>>>>
>>>> Jonathan
>>>>
>>>> --
>>>> Jonathan Gill
>>>> SecureCiRT Pte Ltd
>>>> http://www.securecirt.com/
>>>> PGP : 315C 314D CD36 CBFF 728E F167 FCD8 15B7 0287
>>>>
>>>> -------------------------------------------------------------------------
>>>> Take Surveys. Earn Cash. Influence the Future of IT
>>>> Join SourceForge.net's Techsay panel and you'll get the chance to share your
>>>> opinions on IT & business topics through brief surveys-and earn cash
>>>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>>>> _______________________________________________
>>>> Sguil-devel mailing list
>>>> Sgu...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/sguil-devel

--
Jonathan Gill +65 98551701
Chief Technology Officer +65 62436800
SecureCiRT Pte Ltd
http://www.securecirt.com/
PGP : 315C 314D CD36 CBFF 728E F167 FCD8 15B7 0287
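The thread's advice is to drop the MERGE wrappers and let sguild recreate them. Added here as an example (not from the thread, and not sguil's own code) is the mysql-prompt session an administrator would run first to see why the wrapper fails, using the database name from the thread (sguildb06) and MySQL 5.0 as on the page. A MERGE table is only a UNION list of MyISAM tables; when one of the tables it names is missing or unreadable, opening the wrapper fails with the page's "Can't find file: 'event' (errno: 2)", and SHOW TABLE STATUS reports that failure as empty columns plus the error text in the Comment column, which is exactly the "Table event returned status => event {} {} ... {Can't find file ...}" line sguild logged.

```sql
-- Added example (assumptions: database sguildb06 from the thread, MySQL 5.0).
USE sguildb06;

-- 1. Read the wrapper definition. The UNION=(...) clause names the MyISAM
--    tables the MERGE table is built over. If this statement itself fails
--    with "Can't find file", the wrapper cannot be opened at all and only
--    step 3 remains.
SHOW CREATE TABLE event\G

-- 2. Status of the wrapper and of every table whose name starts with
--    "event". A broken wrapper shows up as a row with NULL statistics and
--    the MySQL error in the Comment column; healthy underlying tables show
--    Engine = MyISAM and a row count. Compare the names listed here against
--    the UNION list from step 1 to find the missing member.
SHOW TABLE STATUS LIKE 'event%'\G

-- 3. Drop only the MERGE wrappers (the thread's step). They hold no rows of
--    their own, so the MyISAM tables behind them are untouched. IF EXISTS
--    covers the case in the thread where sancp had not been created yet.
--    sguild recreates the wrappers at start-up ("Creating event MERGE table."
--    in the syslog excerpt).
DROP TABLE IF EXISTS event, tcphdr, udphdr, icmphdr, data, sancp;
```

Run it as `mysql sguildb06 < check_merge.sql` or paste it at the mysql prompt with sguild stopped, as the thread advises. Steps 1 and 2 need only read access to the schema and step 3 needs DROP on those six tables, so the check does not require the root login that the syslog excerpt shows sguild using for its own connection.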