[Snort-users] Snort/Mysql database not logging
sean at ...1709...
Sun Apr 1 21:38:35 EDT 2001
Snort version: 1.7
Mysql version: 3.23.36
OpenBSD ver: 2.8
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snortuser password=pword
Trying to setup ACID and everything seems to be working fine (I can
manually create a record (using the above user/privs/dbase) and it shows
up in ACID just fine.
Logs are being sent to syslog just fine, but nothing is being recorded in
mysql database. Compiled spo_database.c with DEBUG and am getting the
following message upon snort startup:
database(debug): (SELECT sid FROM sensor WHERE hostname =
'xxx.xxx.xxx.xxx' AND interface = 'ep0' AND detail = '1' AND encoding = '0' AND filter IS NULL)
database: sensor id = 1
database(debug): (SELECT max(cid) FROM event WHERE sid = '1') failed
database(debug): (SELECT vseq FROM schema) returned 100
Anyone have any ideas?
More information about the Snort-users