[Snort-devel] Snort 1.9.0 - Postgresql

Peter Moore peter at ...799...
Tue Nov 5 12:24:19 EST 2002


firstly, ensure that you can connect to the database from the computer you 
are running Snort from.
then in your snort.conf or .snortrc file you should have something like this:

output database: alert, postgresql, host=hostname user=userid dbname=snort 
sensor_name=xxx.xxx.xxx.xxx detail=full 

where "hostname" is where the PostgreSQL server resides, "userid" is the user 
id to use to log in to the database and "xxx.xxx.xxx.xxx" is the tcp/ip 
address of the sensor (the machine running Snort).

You may also like to read my Snort/PostgreSQL "how-to" http://beos.loved.com/
projects/snort/snort-how-to.html which details this, although it is largely 
based on Snort 1.8.3. I'll get around to updating it one day ;-)
cheers
peter



> I am installing Snort-1.9.0 and Postgresql 7.2.12-1mdk, running on
>Linux Mandrake 8.2.
>
>With the Database (seemingly) configured and the users added to the
>system, I cannot get the snort process to connect to the Database.  My
>Snort Startup error is:
>
>FATAL ERROR: database: Connection to database 'snort'
>failed
>
>Most of the Documentation appears to reflect the MySQL Database, and I
>cannot find any diagnostic information related to Postgresql.
>
>I do know that the Postmaster is listening to Network Connections (-i)
>option, that the Snort User exists, and has access to the snort
>database.  I am using simplistic passwords, and have enabled Host Access
>for the Network which houses the Server.
>
>What other types of errors would produce this startup message?
>
>--
>Albert E. Whale - CISSP
>http://www.abs-comptech.com
>----------------------------------------------------------------------
>ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
>Sr. Security, Network, and Systems Consultant
>Board of Directors - InfraGard - Pittsburgh, PA
>
>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: ApacheCon, November 18-21 in
>Las Vegas (supported by COMDEX), the only Apache event to be
>fully supported by the ASF. http://www.apachecon.com
>_______________________________________________
>Snort-devel mailing list
>Snort-devel at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/snort-devel
>





More information about the Snort-devel mailing list