[Snort-users] loggin to mySQL

Guillaume guillaume at ...1168...
Mon Jun 18 01:42:35 EDT 2001


Blake Frantz wrote:

> Hello,
>
> I'm having a problem getting snort to log to mySQL.  Everything is being
> logged to /var/log/snort.  Below are the details, any help is appreciated.
>
> This is how I have loggin setup in my snort.conf:
> ruletype log2mySQL
> {
>   type log
>   output database: log, mysql, user=snort dbname=snort host=localhost
> }
>

Check your rules : do you use "log2mySQL" facility instead of "alert" or "log" ?

I.e :
"alert tcp $EXTERNAL_NET any -> $HOME_NET 21 ....."
Should be :
"log2mySQL tcp $EXTERNAL_NET any -> $HOME_NET 21 ....."

Guillaume.






More information about the Snort-users mailing list