[Snort-users] output rule types
john at ...1477...
Thu Mar 8 06:32:49 EST 2001
Any clues why snort will not log to a mysql db file when the output plugin is
associated with a ruletype such as the redalert example in snort.conf?
Using snort 1.7
If I uncomment the example rule type redalert which includes:
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=piggy password=xyz dbname=snort_log
Snort displays the db config data and starts with no errors but never logs to
the database... syslog works Ok. If I uncomment the individual lines for each
output plugin without the associating rule type, it works fine. Both mysql and
syslog begin to generate logfiles.
I noticed this happens on both my outside sensor on the DMZ and the sensor
inside my firewall. Associate the db plugin with a ruletype and I have
problems, uncomment it by itself and it works fine. MySQL does not complain at
all either way.
Am I just not getting the ruletype configured properly? It really does not look
too complicated here... what gives?
The more I learn, the more I realize how little I really know. :(
--- CHAOS -Where Great Dreams Begin ---
Before a great vision can become reality there may be difficulty. Before a person
begins a great endeavor, they may encounter chaos.
As a new plant breaks the ground with great difficulty, foreshadowing the huge
tree, so must we sometimes push against difficulty in bringing forth our
"Out of Chaos, Brilliant Stars are Born."
I-Ching Hexagram #3