[Snort-users] snort won't log anything in mysql

shawn . moyer shawn at ...1184...
Mon Apr 9 15:33:49 EDT 2001


Have you followed all the docs to set the database up from

http://www.incident.org/snortdb ?

i.e. do you have a user in mysql that has create, insert, and select
privileges, and have you run the create_mysql script from the contrib
directory?

Also, you might try running snort in the foreground (without the -D) and
see what messages you see. 



--shawn

alexus wrote:
> 
> mysql> select * from event;
> Empty set (0.00 sec)
> 
> mysql>
> 
> when I used to use -s I saw snort messages there... but now no more since I
> removed -s
> 
> ----- Original Message -----
> From: <roman at ...438...>
> To: "alexus" <ml at ...1718...>; "shawn . moyer" <shawn at ...1184...>;
> <snort-users at lists.sourceforge.net>
> Sent: Monday, April 09, 2001 8:32 AM
> Subject: Re: [Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL
> 
> > There is indeed a verbose mode in ACID.  Set $debug_mode=1
> > in acid_conf.php.  However, I doubt this will help you much if
> > Snort is not logging to the database correctly.  Try the following
> > SQL from the mysql client:
> >
> > mysql> SELECT count(*) FROM event;
> >
> > If the count is 0, it is a safe bet that Snort is misconfigured.  As
> > a side note, are you seeing these alerts in syslog or a flat file?
> >
> > Roman
> >
> > > I've tried -Dc..
> > >
> > > I still don't think it logs anything...
> > >
> > > is there any verbose mode for acid? I can see what's going on?
> > >
> > >
> > > ----- Original Message -----
> > > From: "shawn . moyer" <shawn at ...1184...>
> > > To: "alexus" <ml at ...1718...>
> > > Cc: <snort-users at lists.sourceforge.net>
> > > Sent: Monday, April 09, 2001 10:45 AM
> > > Subject: Re: [Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL
> > >
> > >
> > > > alexus wrote:
> > > >
> > > > > snort -Dsc snort.conf
> > > >
> > > > < snort -Dsc snort.conf
> > > > > snort -Dc snort.conf
> > > >
> > > > The -s tells it to log to syslog instead of what you specify in
> > > > snort.conf.
> > > >
> > > > You know when you start it and you get the message that says "Command
> > > > line options override plugin(s)!"? That's why.
> > > >
> > > >
> > > >
> > > > p.s. CAPS = SHOUTING
> > > >
> > > > --shawn
> > > >
> > > > --
> > > >
> > > > s h a w n   m o y e r
> > > > shawn at ...1184...
> > > >
> > > > "Nuclear war would really set back cable."
> > > >                      -- Ted Turner
> > > >


-- 

s h a w n   m o y e r
shawn at ...1184...

"Nuclear war would really set back cable."
	                     -- Ted Turner



