[Snort-users] Alerts in File and Database

Uwe Kersten uwe_kersten at ...1820...
Fri Apr 13 10:57:51 EDT 2001


Hi Folks!

I am running snort 1.7 on a SuSE 7.0 box, works absolutely fine. I am logging 
alerts to a MySQL Database and tcpdump packets to files. The command line
looks like snort -b -i ppp0 -c /etc/snort/snort-lib -D. Now I wanted to test 
the guardian script, for that I need alerts in an alert file. So I changed 
the command line to snort -b -A fast -i ppp0 -c /etc/snort/snort-lib -D. Now 
I get an alert file, but no more logging of alerts to mysql. Seems the 
command line parameter "-A fast" has overridden the mysql command in the 
snort-lib file. Is there any possibility to log both to database and file? Do 
I have to change the snort-lib file (I think so)? A second point is the 
guardian script: I started it, it caught the right interface and my IP 
number, but nothing happened even with alerts in the alert file (Stealth 
portscans). No error, no messages, no changing of ipchains rules, absolutely 
nothing, but guardian is running. 
Any ideas?

Regards
Uwe
-- 
-------------------------------------------------------
                     Uwe Kersten
           E-Mail: uwe.kersten at ...1821...
                   PGP: 87A5676F
           Keyserver: wwwkeys.de.pgp.net
-------------------------------------------------------