[Snort-users] Portscans logging to MySQL

Ron 'The InSaNe One' Rosson insane at ...321...
Tue Apr 10 20:54:31 EDT 2001


I am running snort with mysql + syslog logging and for some reason it is
not logging the portscans to the mysql server.

Here is the version output:

insane-postal> snort -V

-*> Snort! <*-
Version 1.8-beta1 (Build 10)
By Martin Roesch (roesch at ...66..., www.snort.org)

Here is the command line:

/usr/local/bin/snort -D -d -c /etc/snort.rules

Here is the ruleset:

var INTERNAL xx.xx.xx.24/29
var EXTERNAL !xx.xx.xx.24/29
var HOME_NET xx.xx.xx.24/29

preprocessor minfrag: 128
preprocessor defrag
preprocessor stream2: timeout 10, ports 21 23 80 110 143, maxbytes 16384
preprocessor http_decode: 80 443 8080 -unicode -cginull
preprocessor rpc_decode: 111 32771
preprocessor bo: -nobrute
preprocessor portscan: $INTERNAL 4 3 /var/log/snort/portscan
preprocessor portscan-ignorehosts: $INTERNAL xxx.xxx.xxx.10 xxx.xxx.xxx.20
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort dbname=snort host=localhost


include /etc/snort/vision.conf


I am also checking using Acid Version 9.6b6 to make it for easy viewing
if that helps    ;-).

TIA

P.S. It is loggin to syslog
-- 
------------------------------------------------------------------------------
Ron Rosson          			      ... and a UNIX user said ...
The InSaNe One                 			      rm -rf *
insane at ...322...     	            and all was /dev/null and *void()
------------------------------------------------------------------------------
       All I wanted was a signature, and I got my two front teeth.




More information about the Snort-users mailing list