[Snort-users] no db logging possible
jed at ...153...
Tue Jul 25 14:46:22 EDT 2000
<CVS DUDES> This message contains a patch </CVS DUDES>
> when i start snort by ./snort -c rules1 -l /var/log/snort/ there is the error message
> Problem obtaining SENSOR ID (sid) from psql->snort, ->event.
> and first line in rules1: output log_database: psql, dbname=snort, user=user
This is because you included a comma in the wrong place. Remove that
comma and it will work.
The real problem is that the database plugin ought to check for this
and either die with an error or be able to handle it.
Here is a patch for the CVS dudes.
RCS file: /home/cvs/snort/spo_log_database.c,v
retrieving revision 1.6
diff -r1.6 spo_log_database.c
< a1 = strtok(NULL, " ");
> a1 = strtok(NULL, ", ");
More information about the Snort-users