[Snort-users] snort and mysql

Andreas Hasenack andreas at ...1574...
Tue Apr 3 09:55:35 EDT 2001


Em Tue, Apr 03, 2001 at 12:24:15AM -0400, alexus escreveu:
> ruletype redalert
> {
>   type alert
>   output alert_syslog: LOG_AUTH LOG_ALERT
>   output database: log, mysql, user=user dbname=dbn host=localhost
> password=password
> }
> 
> i replace dbn,user and password to my own things..
> and it wouldn't log there... any ideas why?

You have to make your rules use this new ruletype. Try using
"redalert" instead of "alert" in some rules and then trigger them.

OR, just configure the output database stuff, outside a ruletype definition.
Check the included config file for examples. But, AFAIK, you won't be
able to syslog and log to a database at the same time if you do this.

BTW, I would like to be able to redefine "alert" so that I don't have
to change every rule I have to use the new type. Or am I missing something?






More information about the Snort-users mailing list