[Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL

alexus ml at ...1718...
Tue Apr 10 00:48:08 EDT 2001


actually for now I just want it to log into the database... (and for some reason
it won't)

at the end I want it to log into the database and syslog

but at this point what we are all trying to do is to make it log into mysql

----- Original Message -----
From: "Joe McAlerney" <joey at ...47...>
To: "alexus" <ml at ...1718...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Monday, April 09, 2001 6:45 PM
Subject: Re: [Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL


> If you wanted to specify a certain set of rules to only log to syslog
> and the database, then yes.  Otherwise, you can just add the output
> lines to your configuration file and completely bypass making an
> additional rule type.
>
> output alert_syslog: LOG_AUTH LOG_ALERT
> output database: log, mysql, user=xxx dbname=xxx host=xxx password=xxxx
>
> I suspect this is what you are trying to do.  Other people have been
> confused with the ruletype example in the supplied snort.conf file as
> well.  I'm guessing that seeing the two (popular) output types in that
> example could lead one to believe that is the simplest/best way to use
> them together.
>
> -Joe M.
>
> --
> |   Joe McAlerney     joey at ...155...   |
> | Silicon Defense - Technical Support for Snort |
> |       http://www.silicondefense.com/          |
> +--                                           --+
>
> alexus wrote:
> >
> > no .. that i didn't do...
> >
> > where was I supposed to change alert to redalert?
> >
> > ----- Original Message -----
> > From: "Joe McAlerney" <joey at ...47...>
> > To: "alexus" <ml at ...1718...>
> > Cc: <snort-users at lists.sourceforge.net>
> > Sent: Monday, April 09, 2001 5:45 PM
> > Subject: Re: [Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL
> >
> > > Did you change your snort rule actions to type "redalert" instead of
> > > "alert"?
> > >
> > > redalert tcp any any -> any any (msg:"Hi, I was set off by a redalert rule";)
> > >
> > > Hope this helps,
> > >
> > > -Joe M.
> > >
> > > --
> > > |   Joe McAlerney     joey at ...155...   |
> > > | Silicon Defense - Technical Support for Snort |
> > > |       http://www.silicondefense.com/          |
> > > +--                                           --+
> > >
> > > alexus wrote:
> > > >
> > > > my snort won't log anything in log
> > > >
> > > > part of my snort.conf
> > > >
> > > > ruletype redalert
> > > > {
> > > >   type alert
> > > >   output alert_syslog: LOG_AUTH LOG_ALERT
> > > > >   output database: log, mysql, user=xxx dbname=xxx host=xxx password=xxxx
> > > > }
> > > >
> > > > what am i missing?
> > > >
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users at lists.sourceforge.net
> > > > Go to this URL to change user options or unsubscribe:
> > > > http://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> >
>
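
Added example, not part of the original thread and not Snort's own code: a small Python check for the situation discussed above, where output plugins declared inside a `ruletype` block apply only to rules that use that ruletype as their action. The sample config, the sample rule and the function names are constructed for illustration, and the parser only understands the `ruletype`, `output` and rule lines shown here.

```python
import re

BUILTIN = {"alert", "log", "pass", "activate", "dynamic"}

# Constructed sample: the ruletype from the thread plus one made-up rule.
SAMPLE_CONF = """\
ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=xxx dbname=xxx host=xxx password=xxxx
}
alert tcp any any -> any 80 (msg:"constructed rule";)
"""

def parse(conf_text):
    """Return (global outputs, {ruletype: outputs}, {rule action: count})."""
    global_out, scoped, used = [], {}, {}
    current = pending = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        decl = re.match(r"ruletype\s+(\w+)", line)
        if decl:
            scoped[decl.group(1)] = []
            pending = decl.group(1)
        if "{" in line and pending:   # brace on the ruletype line or the next one
            current, pending = pending, None
        elif line.startswith("}"):
            current = None
        elif line.startswith("output "):
            plugin = line.split()[1].rstrip(":")
            (scoped[current] if current else global_out).append(plugin)
        elif current is None and not decl:
            action = line.split()[0]             # first token of a rule line
            if action in BUILTIN or action in scoped:
                used[action] = used.get(action, 0) + 1
    return global_out, scoped, used

def findings(conf_text):
    """List reasons why configured outputs would stay silent."""
    global_out, scoped, used = parse(conf_text)
    notes = [f"ruletype {name}: outputs {outs} unused, no rule has action '{name}'"
             for name, outs in scoped.items() if outs and not used.get(name)]
    builtin = sum(n for action, n in used.items() if action in BUILTIN)
    if builtin and not global_out:
        notes.append(f"{builtin} rule(s) use built-in actions; ruletype outputs do not apply to them")
    return notes
```

Both fixes from the thread clear the findings: moving the two `output` lines to the top level of the config, or changing the rule action from `alert` to `redalert`.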
