[Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL

alexus ml at ...1718...
Mon Apr 9 14:21:54 EDT 2001


mysql> select * from event;
Empty set (0.00 sec)

mysql>

when I used to use -s i saw snort messages there... but now no more since i
remove -s

----- Original Message -----
From: <roman at ...438...>
To: "alexus" <ml at ...1718...>; "shawn . moyer" <shawn at ...1184...>;
<snort-users at lists.sourceforge.net>
Sent: Monday, April 09, 2001 8:32 AM
Subject: Re: [Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL


> There is indeed a verbose mode in ACID.  Set $debug_mode=1
> in acid_conf.php.  However, I doubt this will help you much if
> Snort is not logging to the database correctly.  Try the following
> SQL from the mysql client:
>
> mysql> SELECT count(*) FROM event;
>
> If the count is 0, it is a safe bet that Snort is misconfigured.  As
> a side note, are you seeing these alerts in syslog or a flat file?
>
> Roman
>
> > i've tryed -Dc..
> >
> > I still dont think it logs anything...
> >
> > is there any verbose mode for acid? i can see what's goin on?
> >
> >
> > ----- Original Message -----
> > From: "shawn . moyer" <shawn at ...1184...>
> > To: "alexus" <ml at ...1718...>
> > Cc: <snort-users at lists.sourceforge.net>
> > Sent: Monday, April 09, 2001 10:45 AM
> > Subject: Re: [Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL
> >
> >
> > > alexus wrote:
> > >
> > > > snort -Dsc snort.conf
> > >
> > > < snort -Dsc snort.conf
> > > > snort -Dc snort.conf
> > >
> > > The -s tells it to log to syslog instead of what you specify in
> > > snort.conf.
> > >
> > > You know when you start it and you get the message that says "Command
> > > line options override plugin(s)!"? That's why.
> > >
> > >
> > >
> > > p.s. CAPS = SHOUTING
> > >
> > > --shawn
> > >
> > > --
> > >
> > > s h a w n   m o y e r
> > > shawn at ...1184...
> > >
> > > "Nuclear war would really set back cable."
> > >                      -- Ted Turner
> > >
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
>
>
> ---------------------------------------------
> This message was sent using Voicenet WebMail.
>       http://www.voicenet.com/webmail/
>
>
>





More information about the Snort-users mailing list