[Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL

alexus ml at ...1718...
Tue Apr 10 12:15:45 EDT 2001


yes i did..

mysql> select * from user where user='alexus';
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| Host      | User   | Password         | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv |
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| localhost | alexus | 34484ed463a66850 | Y           | Y           | N           | Y           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          |
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
1 row in set (0.02 sec)

mysql>
----- Original Message -----
From: "van Oosterom, Peter" <Peter.vanOosterom at ...1380...>
To: "'alexus'" <ml at ...1718...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Tuesday, April 10, 2001 7:14 AM
Subject: RE: [Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL


> This might seem trivial but have you actually verified the userid that you
> created on the database, can actually insert into the database with a
> mysql client?
>
>
>
> -----Original Message-----
> From: alexus [mailto:ml at ...1718...]
> Sent: Tuesday, April 10, 2001 6:48 AM
> To: Joe McAlerney
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL
>
>
> actually for now i just want it to log into database... (and for some
> reason it won't)
>
> at the end i want it to log into database and syslog
>
> but at this point what we are all trying to do is to make it log into mysql
>
> ----- Original Message -----
> From: "Joe McAlerney" <joey at ...47...>
> To: "alexus" <ml at ...1718...>
> Cc: <snort-users at lists.sourceforge.net>
> Sent: Monday, April 09, 2001 6:45 PM
> Subject: Re: [Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL
>
>
> > If you wanted to specify a certain set of rules to only log to syslog
> > and the database, then yes.  Otherwise, you can just add the output
> > lines to your configuration file and completely bypass making an
> > additional rule type.
> >
> > output alert_syslog: LOG_AUTH LOG_ALERT
> > output database: log, mysql, user=xxx dbname=xxx host=xxx password=xxxx
> >
> > I suspect this is what you are trying to do.  Other people have been
> > confused with the ruletype example in the supplied snort.conf file as
> > well.  I'm guessing that seeing the two (popular) output types in that
> > example could lead one to believe that is the simplest/best way to use
> > them together.
> >
> > -Joe M.
> >
> > --
> > |   Joe McAlerney     joey at ...155...   |
> > | Silicon Defense - Technical Support for Snort |
> > |       http://www.silicondefense.com/          |
> > +--                                           --+
> >
> > alexus wrote:
> > >
> > > no .. that i didn't do...
> > >
> > > where was i supposed to change alert to redalert?
> > >
> > > ----- Original Message -----
> > > From: "Joe McAlerney" <joey at ...47...>
> > > To: "alexus" <ml at ...1718...>
> > > Cc: <snort-users at lists.sourceforge.net>
> > > Sent: Monday, April 09, 2001 5:45 PM
> > > Subject: Re: [Snort-users] SNORT WON'T LOG ANYTHING IN MYSQL
> > >
> > > > Did you change your snort rule actions to type "redalert" instead of
> > > > "alert"?
> > > >
> > > > redalert tcp any any -> any any (msg:"Hi, I was set off by a redalert rule";)
> > > >
> > > > Hope this helps,
> > > >
> > > > -Joe M.
> > > >
> > > > --
> > > > |   Joe McAlerney     joey at ...155...   |
> > > > | Silicon Defense - Technical Support for Snort |
> > > > |       http://www.silicondefense.com/          |
> > > > +--                                           --+
> > > >
> > > > alexus wrote:
> > > > >
> > > > > my snort won't log anything in log
> > > > >
> > > > > part of my snort.conf
> > > > >
> > > > > ruletype redalert
> > > > > {
> > > > >   type alert
> > > > >   output alert_syslog: LOG_AUTH LOG_ALERT
> > > > > >   output database: log, mysql, user=xxx dbname=xxx host=xxx password=xxxx
> > > > > }
> > > > >
> > > > > what am i missing?
> > > > >
> > > > > _______________________________________________
> > > > > Snort-users mailing list
> > > > > Snort-users at lists.sourceforge.net
> > > > > Go to this URL to change user options or unsubscribe:
> > > > > http://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > Snort-users list archive:
> > > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > >
> > >
> >
>
>
>
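The failure discussed in this thread (outputs declared inside a `ruletype` block while every rule still uses the built-in `alert` action) can be checked mechanically. The following is an added example, not code from the thread or from the Snort project; the function name `audit_outputs` and the sample configuration are constructed for illustration, using the Snort 1.x syntax quoted above.

```python
import re

# Constructed sample: the snort.conf fragment quoted in the thread, plus one
# rule line that still uses the built-in "alert" action.
SAMPLE_CONF = '''\
ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=xxx dbname=xxx host=xxx password=xxxx
}
alert tcp any any -> any any (msg:"uses the built-in alert action";)
'''

RULETYPE_RE = re.compile(r"^\s*ruletype\s+(\w+)\s*\{(.*?)\}", re.S | re.M)
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:", re.M)


def audit_outputs(conf_text):
    """Return (global_outputs, ruletype_outputs, unused_ruletypes)."""
    # Outputs inside a ruletype block only fire for rules whose action is
    # that ruletype's name.
    ruletypes = {name: OUTPUT_RE.findall(body)
                 for name, body in RULETYPE_RE.findall(conf_text)}
    # Drop the blocks; what remains is top-level directives and rules.
    top_level = RULETYPE_RE.sub("", conf_text)
    global_outputs = OUTPUT_RE.findall(top_level)
    # The first word of each remaining non-comment line is either a
    # directive (output, var, ...) or a rule action.
    first_words = set()
    for line in top_level.splitlines():
        words = line.split()
        if words and not words[0].startswith("#"):
            first_words.add(words[0])
    unused = sorted(name for name in ruletypes if name not in first_words)
    return global_outputs, ruletypes, unused


if __name__ == "__main__":
    global_outputs, ruletypes, unused = audit_outputs(SAMPLE_CONF)
    print("global outputs:", global_outputs)
    for name in unused:
        print(f"ruletype {name!r} declares {ruletypes[name]} "
              "but no rule uses it as an action")
```

A ruletype reported as unused while the global output list is empty means nothing is wired to the database output, which matches both remedies given in the thread: change the rule action to `redalert`, or move the `output` lines to the top level.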




