[Snort-users] Alerts in File and Database

shawn . moyer shawn at ...1184...
Fri Apr 13 11:22:40 EDT 2001


There are references to doing this in both the snort.conf that ships
with Snort and the archives of this list -- basically you need to set
this up in the config file rather than the commandline.


--shawn


Uwe Kersten wrote:
> 
> Hi Folks!
> 
> I am running snort 1.7 on a SuSE 7.0 box, works absolutely fine. I am logging
> alerts to a MySQL Database and tcpdump packets to files. The command line
> looks like snort -b -i ppp0 -c /etc/snort/snort-lib -D. Now I wanted to test
> the guardian script, for that I need alerts in an alert file. So I changed
> the command line to snort -b -A fast -i ppp0 -c /etc/snort/snort-lib -D. Now
> I get an alert file, but no more logging of alerts to mysql. Seems the
> command line parameter "-A fast" has overridden the mysql command in the
> snort-lib file. Is there any possibility to log both to database and file? Do
> I have to change the snort-lib file (I think so). A second point is the
> guardian script, I started it, it caught the right interface and my IP
> number, but nothing happened even with alerts in the alert file (Stealth
> portscans). No error, no messages, no changing of ipchains rules, absolutely
> nothing, but guardian is running.
> Any ideas?


-- 

s h a w n   m o y e r
shawn at ...1184...

"Nuclear war would really set back cable."
	                     -- Ted Turner
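
The config-file setup the reply points to, sketched as an added example that is not part of the original thread: both outputs are declared in the rules file and -A is left off the command line. The directive spellings follow the sample snort.conf distributed with Snort and should be checked against the copy shipped with your version; the database credentials and the alert file name are placeholders.

```conf
# Added example, not from the original thread.
#
# Command line from the question that lost the MySQL alerts
# (-A fast took over from the outputs set in the file, as reported):
#   snort -b -A fast -i ppp0 -c /etc/snort/snort-lib -D
#
# Command line to use instead: no -A, so the output lines below apply.
#   snort -b -i ppp0 -c /etc/snort/snort-lib -D

# ---- in /etc/snort/snort-lib ----

# Existing MySQL output. Keep your own working line unchanged;
# the values here are placeholders, not taken from the thread.
output database: log, mysql, user=SNORT_USER password=CHANGE_ME dbname=SNORT_DB host=localhost

# Second output: a fast-format alert file for guardian to read.
# The file name "alert" is an assumption; guardian must be pointed
# at the same file.
output alert_fast: alert
```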



