[Snort-users] output rule types
Andrew R. Baker
andrewb at ...1150...
Sat Mar 17 13:08:55 EST 2001
Are you using the also using the database output plugin with another
rule type? It looks like there is
a bug with associating the database plugin with multiple rule types. In
this case, many of the alerts
are not properly entered into the database. I am working on a fix for
this, which will hopefully correct
John Kiehnle wrote:
> Any clues why snort will not log to a mysql db file when the output plugin is
> associated with a ruletype such as the redalert example in snort.conf.
> Using snort 1.7
> If I uncomment the example rule type redalert which includes;
> ruletype redalert
> output alert_syslog: LOG_AUTH LOG_ALERT
> output database: log, mysql, user=piggy password=xyz dbname=snort_log
> Snort displays the db config data and starts with no errors but never logs to
> the database... syslog works Ok. If I uncomment the individual lines for each
> output plugin without the associating rule type, It works fine. Both mysql and
> syslog begin to generate logfiles.
> I noticed this happens on both my outside sensor on the DMZ and the sensor
> inside my firewall. Associate the db plugin with a ruletype and I have
> problems, uncomment it by itself and it works fine. MySQL does not complain at
> all either way.
> Am i just not getting the ruletype configured properly? It really does not look
> too complicated here... what gives?
> The more I learn, the more I realize how little I really know. :(
> John Kiehnle
> --- CHAOS -Where Great Dreams Begin ---
> Befor a great vision can become reality there may be difficulty. Befor a person
> begins a great endeavor, they may encounter chaos.
> As a new plant breaks the ground with great difficulty, foreshadowing the huge
> tree, so must we sometimes push against difficulty in bringing forth our
> "Out of Chaos, Brilliant Stars are Born."
> I-Ching Hexagram #3
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
More information about the Snort-users