[Snort-users] can't log into MySQL database

Richard Liu richliu at ...1924...
Fri Apr 27 01:01:28 EDT 2001


I have a problem about snort log into MySQL database

snort version : 1.7
MySQL version : 3.23.26

I have a simple test rule
----------------------------------------
output database: log, mysql, user=snort dbname=snort host=localhost


log tcp any 21 -> any any (msg:"FTP login incorrect"; flags:PA; content: "530 Lo
gin incorrect";)
alert tcp any 21 -> any any (msg:"FTP login incorrect"; flags:PA; content: "530
Login incorrect";)
----------------------------------------
I use README.database to create my database , but user name is snort

run snort with 
==============
/usr/sbin/snort -u snort -g snort -s -d -i eth0 -l /var/log/snort -c /etc/snort/
rules
==============
command

SNORT message is below
-=====================-
Initializing Network Interface eth0
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
database(debug): database plugin is registered...

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
WARNING: command line overrides rules file alert plugin!
2 Snort rules read...
2 Option Chains linked into 2 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->log->pass

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.7
By Martin Roesch (roesch at ...66..., www.snort.org)

-====================-
I try to create a ftp connect to trigger SNORT rule

I can see a log in /var/log/snort , 
but i can't get log in MySQL database snort.

does anyone can help me to solve this problem ?

--
richliu: ICQ:4724847 





More information about the Snort-users mailing list