[Snort-users] Using Snortdb

Joe McAlerney joey at ...155...
Tue Mar 27 12:19:51 EST 2001

Siddhartha Jain wrote:
> Hi,
> I compiled Snort with support for Mysql and put the following line in the
> conf :-
> ruletype redalert
>  {
>    type alert
>     output alert_syslog: LOG_LOCAL5 LOG_ALERT
>     output alert_database: mysql, user=root password=xxxxx dbname=snort
> host=localhost
>  }
> I still don't see anything in the database. How do i debug this?

You are using an older syntax for the database plugin.  The correct
syntax would be:

output database: log, mysql, user=root password=xxxxx dbname=snort

It would probably be a good idea to create another user so you do not
need to use root.

Additionally, make sure the rules you want to log in the database and
syslog are of type "redalert" instead of "alert", and don't use the -A
option at the command line.

-Joe M.

|   Joe McAlerney     joey at ...155...   |
| Silicon Defense - Technical Support for Snort |
|       http://www.silicondefense.com/          |
+--                                           --+

More information about the Snort-users mailing list