[Snort-devel] [ snort-Bugs-625597 ] Database output and logging

noreply at ...12... noreply at ...12...
Sun Oct 20 06:56:06 EDT 2002


Bugs item #625597, was opened at 2002-10-19 06:27
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=103357&aid=625597&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: Database output and logging

Initial Comment:
Two closely related issues with Snort 1.9.0.  May exist 
in previous versions.

Summary:
--------------
1.  The interactions between database output and other 
output options are not well documented.

2.  The database-related message outputs generated at 
Snort startup are not logged to syslog.

Discussion:
----------------
1.  Adding "-A fast" to the command line options on a 
Snort sensor otherwise configured to output to a MySQL 
database results in no further output to the database.  
Therefore, the -A option affects not only the logfile 
output, but the database output as well.  Observed with 
Snort 1.9.0 on both Linux (RPM version) and Win32 
port.  The "-A fast" configuration is the default in the
snort-1.9.0-1snort.i386.rpm, and is not replaced with 
snort-mysql+flexresp-1.9.0-1snort.i386.rpm.

2.  When configured to output to a database, Snort will 
output to stdout lines similar to the following:

database: compiled support for ( mysql )
database: configured to use mysql
database: database name = snort
database:          user = snort
database: password is set
database:          host = elrond
database:   sensor name = 12.249.54.41
database:     sensor id = 1
database: schema version = 106
database: using the "alert" facility

Unlike the other Snort startup output, these lines do not 
get syslogged so the syslog cannot be used to verify 
proper startup with a database.  Observed on Snort 
1.9.0 on Linux (RPM version).



----------------------------------------------------------------------
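
Added example, not part of the bug report and not Snort code: because the report says the "database:" lines reach only stdout, a wrapper that captures the sensor's startup output can check the banner itself. The function names and the expected-settings dict are hypothetical; the sample banner is the one quoted in the report.

```python
import re

# Sample input: the startup banner exactly as quoted in the report above.
SAMPLE_BANNER = """\
database: compiled support for ( mysql )
database: configured to use mysql
database: database name = snort
database:          user = snort
database: password is set
database:          host = elrond
database:   sensor name = 12.249.54.41
database:     sensor id = 1
database: schema version = 106
database: using the "alert" facility
"""

_KV = re.compile(r"^database:\s*(.+?)\s*=\s*(.+?)\s*$")
_DBMS = re.compile(r"^database:\s*configured to use (\S+)")
_FACILITY = re.compile(r'^database:\s*using the "(\w+)" facility')


def parse_database_banner(text):
    """Return the settings reported on 'database:' lines as a dict."""
    info = {}
    for line in text.splitlines():
        if (m := _KV.match(line)):
            info[m.group(1)] = m.group(2)          # e.g. "host" -> "elrond"
        elif (m := _DBMS.match(line)):
            info["dbms"] = m.group(1)
        elif (m := _FACILITY.match(line)):
            info["facility"] = m.group(1)
        elif line.strip() == "database: password is set":
            info["password set"] = "yes"
    return info


def startup_problems(text, expected):
    """Compare the parsed banner with expected values; return mismatches."""
    info = parse_database_banner(text)
    if not info:
        return ["no 'database:' settings found in startup output"]
    return [f"{k}: expected {v!r}, got {info.get(k)!r}"
            for k, v in expected.items() if info.get(k) != v]
```

An empty list from `startup_problems` means every expected setting appeared in the captured output; any returned strings can be passed on to syslog by the wrapper.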
