[Snort-users] Error logging to Mysql

Pablo Castillo pcastillo at ...453...
Thu Sep 14 11:27:14 EDT 2000


I have the same problem as you,  my FreeBSD box have to network cards and
the error messages gone when use the "-i" option of snort.

Here's the line where that throw the error:

"spo_log_database.c"
<...>
        mysql_free_result(m_result);
        if(!result)
        {
            ErrorMessage("Error: %s\n", mysql_error(m_sock));
        }
<...>

Pablo.


On Wed, 6 Sep 2000, Jason Boyer wrote:

> 
> Still clueless as what it is. 
> 
> This line is defined right before all my alert rules.
> 
> output log_database: mysql, dbname=snort user=snort host=localhost  
> 
> I whacked the previouse db and created a new one and used the cvs create_mysql
> with still no luck and the same error msg. I was unable to get the cvs version
> to compile. 
> 
> I am using snort 1.6.3 and
> 
> mysql> status
> --------------
> mysql  Ver 9.38 Distrib 3.22.32, for pc-linux-gnu (i686)
>  
> Connection id:          7
> Current database:    snort	
> Current user:           snort at ...274...
> Server version          3.22.32
> Protocol version        10
> Connection              Localhost via UNIX socket
> UNIX socket             /tmp/mysql.sock
> Uptime:                 4 min 11 sec                        
> 
> 
> On Wed, 06 Sep 2000, Bruno Pinaud wrote:
> > Can you put the line where you declare the output log_database in your rules
> > file because it's a little bit difficult without it
> > 
> > Bruno PINAUD
> > Ecole Polytechnique de l'Université de Nantes
> > www.polytech.univ-nantes.fr
> > ----- Original Message -----
> > From: "Jason Boyer" <jason at ...418...>
> > To: <snort-users at lists.sourceforge.net>
> > Sent: Wednesday, September 06, 2000 4:48 PM
> > Subject: [Snort-users] Error logging to Mysql
> > 
> > 
> > >
> > > Everything seems to be working except I see this error when I start snort
> > and
> > > it doesn't seem to log anything to the database. Anyone have any ideas
> > what I
> > > am doing wrong?
> > >
> > > Initializing Network Interface...
> > > Kernel filter, protocol ALL, raw packet socket
> > >    => Decoding Ethernet on interface eth0
> > > Initializing Preprocessors!
> > > Initializing Plug-ins!
> > > Initializating Output Plugins!
> > >
> > > +++++++++++++++++++++++++++++++++++++++++++++++++++
> > > Initializing rule chains...
> > > log_database: Database type is mysql
> > > log_database: Database name is snort
> > > log_database: User set to snort
> > > log_database: Host set to localhost
> > > Error:
> > > 309 Snort rules read...
> > > 309 Option Chains linked into 145 Chain Headers
> > > +++++++++++++++++++++++++++++++++++++++++++++++++++
> > >
> > >
> > > Thanks,
> > > Jason
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > http://lists.sourceforge.net/mailman/listinfo/snort-users
> > 
> >  
> > ______________________________________________________________________________
> > Vous avez un site perso ?
> > 2 millions de francs à gagner sur i(france) !
> > Webmasters: ZE CONCOURS ! http://www.ifrance.com/_reloc/concours.emailif
> > 
> > 
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 




More information about the Snort-users mailing list