[Snort-users] MySQL Help Needed w Snort

Phil Wood cpw at ...440...
Thu Mar 1 10:22:01 EST 2001


On Mon, Feb 26, 2001 at 11:43:39PM -0500, ryan wrote:
> Hello,
> 
> I have got everything else working fine except the mysql connection. My
> conf seems to work fine as well, or at least my rules and alerts are
> being sent to general logging.
> 
> The following line is my Output Plugin:
> 
> output database: log, mysql,  user=snort dbname=snort host=localhost
> password=snotty

I use:

  output database: alert, mysql, dbname=$DBNAME port=$DBPORT user=$DBUSER password=$DBPASSWD sensor_name=$SENSOR host=$DBHOST

      Notice the alert and not log.

> 
> Isn't that correct?
> 
> or can I alternatively use
> 
> output database: log, mysql,  user=snort dbname=snort host=localhost
> password=snotty encoding=ascii detail=full
> 
> ?
> Well, in my case neither works: I need help.
> 
> When I load snort.conf with snort -Afull -c snort.conf I notice this
> line
> WARNING: command line overrides rules file alert plugin!
> Other than that it seems fine, if I run a mysqladmin processlist -p I
> only confirm my query process but no sessions for snort's user.
> 
> 
> Lastly I don't know if anyone else had this problem but you have to
> modify snort's configure/makes considerably to understand how to link
> its client out files to the mysql lib. It especially sucks for some of
> our basic users who use Nusphere installs (mysql, perl, php, ssl, webmin, ...)
> 
> Thanks

-- 
Phil Wood, cpw at ...440...
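
A small checker for the `output database:` directive discussed in this thread, added here as an illustration; it is not code from the post or from the Snort project. The `port` and `sensor_name` values are constructed placeholders for the reply's `$DBPORT` and `$SENSOR`, and all function names are hypothetical.

```python
import re

# Constructed sample: the two directives from the thread, with placeholder
# values substituted for the reply's $VARIABLES.
RYAN = "output database: log, mysql,  user=snort dbname=snort host=localhost password=snotty"
PHIL = ("output database: alert, mysql, dbname=snort port=3306 user=snort "
        "password=snotty sensor_name=sensor1 host=localhost")

DIRECTIVE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,\s*(.*)$")

def parse_output_database(line):
    """Split an 'output database:' line into facility, db type and key=value params."""
    m = DIRECTIVE.match(line)
    if not m:
        return None
    facility, dbtype, rest = m.groups()
    params = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    return {"facility": facility, "dbtype": dbtype, "params": params}

def review(line, snort_argv=()):
    """Return findings for one directive and the snort command line used with it."""
    d = parse_output_database(line)
    if d is None:
        return ["not an 'output database:' directive"]
    findings = []
    if d["facility"] not in ("log", "alert"):
        findings.append("unknown facility %r" % d["facility"])
    if "dbname" not in d["params"]:
        findings.append("dbname missing")
    if "password" in d["params"]:
        findings.append("plaintext password in snort.conf: restrict file permissions")
    if any(a.startswith("-A") for a in snort_argv):
        # Based on the warning text quoted in the post.
        findings.append("-A on the command line: expect the 'command line "
                        "overrides rules file alert plugin' warning")
    return findings

def diff(a, b):
    """Report the facility pair and the parameter keys present only in b."""
    pa, pb = parse_output_database(a), parse_output_database(b)
    return {"facility": (pa["facility"], pb["facility"]),
            "only_in_b": sorted(set(pb["params"]) - set(pa["params"]))}

if __name__ == "__main__":
    print(review(RYAN, ["snort", "-Afull", "-c", "snort.conf"]))
    print(diff(RYAN, PHIL))
```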