[Snort-users] snort and mysql

Martin Roesch roesch at ...421...
Fri Apr 6 18:19:04 EDT 2001


Andrew Baker is the expert on this set of functionality, although the
overlapping namespace problem has been fixed in the latest dev code...

    -Marty

Andreas Hasenack wrote:
> 
> On Tue, Apr 03, 2001 at 12:24:15AM -0400, alexus wrote:
> > ruletype redalert
> > {
> >   type alert
> >   output alert_syslog: LOG_AUTH LOG_ALERT
> >   output database: log, mysql, user=user dbname=dbn host=localhost password=password
> > }
> >
> > I replaced dbn, user and password with my own things..
> > and it wouldn't log there... any ideas why?
> 
> You have to make your rules use this new ruletype. Try using
> "redalert" instead of "alert" in some rules and then trigger them.
> 
> OR, just configure the output database stuff, outside a ruletype definition.
> Check the included config file for examples. But, AFAIK, you won't be
> able to syslog and log to a database at the same time if you do this.
> 
> BTW, I would like to be able to redefine "alert" so that I don't have
> to change every rule I have to use the new type. Or am I missing something?
> 
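
The following check is an added example, not part of the original thread and not Snort code: it flags `ruletype` blocks whose output plugins can never fire because no rule uses the ruletype name as its action, which is the situation described in the reply above. The function names and the two sample rules are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the ruletype from the thread plus two made-up rules
# that both still use the built-in "alert" action.
SAMPLE_CONF = """\
ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=user dbname=dbn host=localhost password=password
}
alert tcp any any -> any 23 (msg:"constructed rule A";)
alert tcp any any -> any 31337 (msg:"constructed rule B";)
"""
# Same config after switching rule B to the custom action.
FIXED_CONF = SAMPLE_CONF.replace("alert tcp any any -> any 31337",
                                 "redalert tcp any any -> any 31337")

def audit_ruletypes(conf_text):
    """Map each ruletype name to its output plugins and the number of rules using it."""
    outputs = {}          # ruletype name -> list of output plugin names
    actions = Counter()   # rule action keyword -> number of rules
    current = None        # ruletype block currently being parsed, if any
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"ruletype\s+(\w+)", line)
        if m:
            current = m.group(1)
            outputs[current] = []
        elif current is not None:
            if line.startswith("output"):
                plugin = line.split(None, 1)[1].split(":", 1)[0].strip()
                outputs[current].append(plugin)
            if line.endswith("}"):
                current = None
        elif "(" in line:                 # a rule line: first token is its action
            actions[line.split()[0]] += 1
    return {n: {"outputs": o, "rules": actions[n]} for n, o in outputs.items()}

def unused_ruletypes(conf_text):
    """Ruletypes that define outputs but are not referenced by any rule."""
    return sorted(n for n, i in audit_ruletypes(conf_text).items() if i["rules"] == 0)

if __name__ == "__main__":
    print("before:", unused_ruletypes(SAMPLE_CONF))
    print("after: ", unused_ruletypes(FIXED_CONF))
```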



