[Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL
bamm at ...539...
Mon Apr 9 23:07:42 EDT 2001
Probably because by default, the output database example is before the
output to syslog. And if you try to run snort with this config (output
database; output syslog), then alerts will only be logged to the
syslog function. It took me a while to figure this one out. By chance,
I finally swapped the order (output syslog; output database) and bingo
all was well. If this is documented somewhere, I missed it.
Joe McAlerney wrote:
> If you wanted to specify a certain set of rules to only log to syslog
> and the database, then yes. Otherwise, you can just add the output
> lines to your configuration file and completely bypass making an
> additional rule type.
> output alert_syslog: LOG_AUTH LOG_ALERT
> output database: log, mysql, user=xxx dbname=xxx host=xxx password=xxxx
> I suspect this is what you are trying to do. Other people have been
> confused with the ruletype example in the supplied snort.conf file as
> well. I'm guessing that seeing the two (popular) output types in that
> example could lead one to believe that is the simplest/best way to use
> them together.
> -Joe M.