[Snort-users] Snort/Mysql database not logging

Sean Graham sean at ...1709...
Sun Apr 1 21:38:35 EDT 2001


Snort version: 1.7
Mysql version: 3.23.36
  OpenBSD ver: 2.8

snort.conf:

output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snortuser password=pword
dbname=snort-log host=localhost

Trying to setup ACID and everything seems to be working fine (I can
manually create a record (using the above user/privs/dbase) and it shows
up in ACID just fine.

Logs are being sent to syslog just fine, but nothing is being recorded in
mysql database.  Compiled spo_database.c with DEBUG and am getting the
following message upon snort startup:

database(debug): (SELECT sid FROM sensor WHERE hostname =
'xxx.xxx.xxx.xxx' AND interface = 'ep0' AND detail = '1' AND encoding = '0' AND filter IS NULL)
returned 1
database:     sensor id = 1
database(debug): (SELECT max(cid) FROM event WHERE sid = '1') failed
database(debug): (SELECT vseq FROM schema) returned 100

Anyone have any ideas?

--
sean






More information about the Snort-users mailing list