[Snort-users] MySQL Help Needed w Snort

Ryan J.W. Swenson ryans at ...1448...
Thu Mar 1 12:38:12 EST 2001


Thanks everyone!

1. now db connects without -Afull option, created rules -works like a champ, very impressive.
2. Conclusion: Cisco Secure IDS NIDS is a waste of money - for this kind of money I will now prefer to buy several Linux systems
and throw snort on them!!

Lastly, how do I set the interface option for the Win32 port?
snort -c snort.conf -if ???  What do I set after if? It keeps telling me:

C:\snort>snort -c snortconf -l C:/snort -if1
Invalid interface '0'.

I also assume that multiple sensors can log to the same database?
Can I have it do both remote database logging and send events to Windows EventViewer?
How do I do that in the command line?

Thanks


Phil Wood wrote:

> On Mon, Feb 26, 2001 at 11:43:39PM -0500, ryan wrote:
> > Hello,
> >
> > I have got everything else working fine except the mysql connection. My
> > conf seems to work fine as well, or at least my rules and alerts are
> > being sent to general logging.
> >
> > The following line is my Output Plugin:::::
> >
> > output database: log, mysql,  user=snort dbname=snort host=localhost
> > password=snotty
>
> I use:
>
>   output database: alert, mysql, dbname=$DBNAME port=$DBPORT user=$DBUSER password=$DBPASSWD sensor_name=$SENSOR host=$DBHOST
>
>       Notice the alert and not log.
>
> >
> > isn't that correct?
> >
> > or can I alternatively use
> >
> > output database: log, mysql,  user=snort dbname=snort host=localhost
> > password=snotty encoding=ascii detail=full
> >
> > ?
> > Well in my case neither work: I need help.
> >
> > When I load snort.conf with snort -Afull -c snort.conf I notice this
> > line
> > WARNING: command line overrides rules file alert plugin!
> > Other than that it seems fine, if I run a mysqladmin processlist -p I
> > only confirm my query process but no sessions for snort's user.
> >
> >
> > Lastly I don't know if anyone else had this problem but you have to
> > modify snort's configure/makes considerably to understand how to link
> > its client out files to the mysql lib. It especially sucks for some of
> > our basic users who use Nusphere installs(mysql,perl,php,ssl,webmin,..)
> >
> > Thanks
> >
> >
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
>
> --
> Phil Wood, cpw at ...440...
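
Added example, not part of the original messages or of Snort itself: a small Python check that parses `output database:` directives of the form quoted in this thread and flags a command line that also passes -A, the combination the thread reports as producing the "command line overrides rules file alert plugin" warning. The sample config, the function names and the EXPECTED_KEYS list are assumptions of this example.

```python
import re

# output database: <facility>, <dbtype>, key=value key=value ...
DIRECTIVE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")
# Keys that both configurations quoted in the thread set (assumption of this
# example, not a statement of what Snort requires).
EXPECTED_KEYS = ("user", "dbname", "host", "password")

# Constructed sample modelled on the directive quoted in the thread.
SAMPLE_CONF = """\
# snort.conf excerpt (constructed)
output database: log, mysql,  user=snort dbname=snort host=localhost password=CHANGEME
"""

def parse_db_outputs(conf_text):
    """Return one dict per 'output database:' directive in conf_text."""
    outputs = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)      # commented-out lines do not match
        if not m:
            continue
        facility, dbtype, rest = m.groups()
        params = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
        outputs.append({"line": lineno, "facility": facility.lower(),
                        "dbtype": dbtype.lower(), "params": params})
    return outputs

def lint(conf_text, command_line):
    """Return a list of findings for the config and the snort command line."""
    findings = []
    # -Afull and "-A full" both begin with -A
    alert_flag = next((a for a in command_line.split()[1:] if a.startswith("-A")), None)
    outputs = parse_db_outputs(conf_text)
    if not outputs:
        findings.append("no 'output database:' directive found")
    for out in outputs:
        where = "line %d" % out["line"]
        if out["facility"] not in ("log", "alert"):
            findings.append("%s: unexpected facility %r" % (where, out["facility"]))
        if alert_flag:
            findings.append("%s: %s given on the command line; the thread reports "
                            "this overrides the rules-file alert plugin" % (where, alert_flag))
        missing = [k for k in EXPECTED_KEYS if k not in out["params"]]
        if missing:
            findings.append("%s: not set: %s" % (where, ", ".join(missing)))
    return findings

if __name__ == "__main__":
    for cmd in ("snort -Afull -c snort.conf", "snort -c snort.conf"):
        print(cmd, "->", lint(SAMPLE_CONF, cmd) or "ok")
```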




