[Snort-users] Alert Logging to database and syslog

Ron 'The InSaNe One' Rosson insane at ...321...
Thu Jan 4 18:43:48 EST 2001

Somewhere before 1.7b8 someone switched off the ability to log to a
mysql database and to syslog. I kind of liked being able to do both
since my mysql server is not on the same machine as snort. Here is my
current command line for running snort and the snort.conf that is used:

/usr/local/bin/snort -D -d -c /etc/snort.rules

# This is the all encompassing rule set for snort.
# Created 07/01/2000
# Revision 1.0

var INTERNAL xxx.xxx.xxx.224/28
var EXTERNAL !xxx.xxx.xxx.224/28
var HOME_NET xxx.xxx.xxx.224/28

preprocessor http_decode: 80 443 8080
preprocessor minfrag: 128
preprocessor portscan: $INTERNAL 3 5 /var/log/snort/portscan
preprocessor portscan-ignorehosts: $INTERNAL xxx.xxx.xxx.10 xxx.xxx.xxx.20
output database: log, mysql, dbname=snort user=mysnort host=myhost

include: /etc/snort/vision.conf


Ron Rosson          			      ... and a UNIX user said ...
The InSaNe One                 			      rm -rf *
insane at ...322...     	            and all was /dev/null and *void()
	      Cottleston, cottleston, cottleston pie...
