[Snort-users] Snortdb: Logging both to MySQL and local disk?

KS ksl at ...371...
Thu Sep 7 13:04:42 EDT 2000


Hi,
Is there a way of both logging to a remote MySQL db and still getting that nice 
directory tree (usually in /var/log/snort/) divided into IP-dirs with 
packet payload?

I have tried multiple output entries in rules.base, like:
output alert_syslog: LOG_AUTH LOG_ALERT
output log_database: mysql, user=someuser password=xxxxx dbname=snort_IDS host=x.x.x.x
output alerts_full: /var/log/snort/                     (also tried with .../snort.log)
output log_tcpdump: /var/log/snort/snort.log    (snort died with this one - need some inc and libs in configure like MySQL??)

All alerts go into the MySQL db and portscans get logged in 
/var/log/snort/portscan.log, but the packet payload seems to be lost.


Thanks in advance,
   Kyrre Sletsjøe
