[Snort-users] output rule types

John Kiehnle john at ...1477...
Thu Mar 8 06:32:49 EST 2001


Any clues why snort will not log to a mysql db file when the output plugin is
associated with a ruletype such as the redalert example in snort.conf?

Using snort 1.7 

If I uncomment the example rule type redalert, which includes:

ruletype redalert
{
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=piggy password=xyz dbname=snort_log host=localhost
}

Snort displays the db config data and starts with no errors but never logs to
the database... syslog works OK. If I uncomment the individual lines for each
output plugin without the associating rule type, it works fine. Both mysql and
syslog begin to generate logfiles.

I noticed this happens on both my outside sensor on the DMZ and the sensor
inside my firewall. Associate the db plugin with a ruletype and I have
problems, uncomment it by itself and it works fine. MySQL does not complain at
all either way.

Am I just not getting the ruletype configured properly? It really does not look
too complicated here... what gives?

The more I learn, the more I realize how little I really know. :( 

John Kiehnle

--- CHAOS -Where Great Dreams Begin ---

Before a great vision can become reality there may be difficulty. Before a person
begins a great endeavor, they may encounter chaos.

As a new plant breaks the ground with great difficulty, foreshadowing the huge
tree, so must we sometimes push against difficulty in bringing forth our
dreams.

"Out of Chaos, Brilliant Stars are Born."

I-Ching Hexagram #3





