[Snort-users] logging issue

roman at ...438...
Thu May 10 21:15:11 EDT 2001


Well, -N disables the log facility and only enables the alert facility.
However, from your previous email, it would appear that you
have set the database plug-in to only read the log facility.
Either remove the -N or reconfigure the DB plugin to use
alert.

output database: log, postgresql, user=root ...
                           ^^^
                            |========= with -N this needs to be alert

cheers,
Roman

> nope
> 
> no logging and no -A
> 
> I use this
> 
> /usr/local/bin/snort -c /var/snort/snort.conf -N
> 
> L8rZ,
> 
>   )\_/(
>  < o,0 >
>     ~
>    \ /
> 
> KoAps
> 
> 
> 
> ----- Original Message -----
> From: <roman at ...438...>
> To: "Koaps" <koaps at ...1804...>
> Cc: <snort-users at lists.sourceforge.net>
> Sent: Thursday, May 10, 2001 8:35 AM
> Subject: Re: [Snort-users] logging issue
> 
> 
> Is it logging anywhere else (e.g. to a file)? What does your
> command line look like?  Does it have a "-A"? If so, remove it.
> 
> Roman
> 
> > I don't get it....
> >
> > I have Snort 1.7 on OpenBSD
> >
> > it's telling me it's seeing packets, it's sending alerts, but I see no data
> > in mysql....
> >
> >
> >
> > ===============================================================================
> > Snort received 5065 packets and dropped 0(0.000%) packets
> >
> > Breakdown by protocol:                Action Stats:
> >     TCP: 5048       (99.664%)         ALERTS: 7
> >     UDP: 0          (0.000%)          LOGGED: 7
> >    ICMP: 12         (0.237%)          PASSED: 0
> >     ARP: 0          (0.000%)
> >    IPv6: 0          (0.000%)
> >     IPX: 0          (0.000%)
> >   OTHER: 0          (0.000%)
> > DISCARD: 0          (0.000%)
> > =======================================
> >
> > connect info
> >
> > Initializing rule chains...
> > database: compiled support for ( mysql )
> > database: configured to use mysql
> > database:          user = ids
> > database: password is set
> > database: database name = snortdb
> > database:          host = 192.168.69.5
> > database:   sensor name = 192.168.69.12
> > database:     sensor id = 2
> > database: using the "log" facility
> > 796 Snort rules read...
> > 796 Option Chains linked into 114 Chain Headers
> > 0 Dynamic rules
> > +++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> >
> > I am using ACID to look at the SnortDB
> > I can see it's registered in the database as a sensor...
> >
> > I just see no data from it
> >
> >
> >
> > L8rZ,
> >
> >   )\_/(
> >  < o,0 >
> >     ~
> >    \ /
> >
> > KoAps
> >
> >
> >
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> 
> 
> 
> ---------------------------------------------
> This message was sent using Voicenet WebMail.
>       http://www.voicenet.com/webmail/
> 
> 
> 

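The mismatch Roman points out (a command line that switches off the log facility while the database plugin is bound to it) is easy to catch before starting the sensor. The script below is an added example for this thread, not Snort's own code and not from either poster; it reads a Snort 1.x command line and a snort.conf fragment and reports output plugins bound to a facility the command line has disabled. The flag semantics are those of Snort 1.x (-N turns off packet logging, -A none turns off alerting); the sample command line is the one KoAps posted, and the snort.conf lines, credentials included, are constructed for illustration.

```python
"""Lint a Snort 1.x command line against its output-plugin configuration.

Added example for this thread; it is not Snort's own code and not from the
original posts.  It encodes the relationship Roman describes: "-N" turns off
the log facility while leaving the alert facility on, and "-A none" turns off
alerting, so any output plugin bound to a facility the command line disabled
never receives an event.  The sample command line and snort.conf lines below
are constructed for illustration (the database credentials are placeholders).
"""
import re
import shlex

# Matches "output <plugin>: <args>" lines in snort.conf.
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*(.*?)\s*$")


def disabled_facilities(cmdline):
    """Return the set of output facilities ("log"/"alert") the command line turns off."""
    argv = shlex.split(cmdline)
    disabled = set()
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg == "-N":                       # -N: no packet logging, alerts still fire
            disabled.add("log")
        elif arg == "-A":                     # -A <mode>: mode "none" silences alerts
            if i + 1 < len(argv) and argv[i + 1] == "none":
                disabled.add("alert")
            i += 1                            # skip the mode argument
        elif arg.startswith("-A") and arg[2:] == "none":  # "-Anone" spelling
            disabled.add("alert")
        i += 1
    return disabled


def parse_outputs(conf_text):
    """Return (plugin, facility, args) for every output plugin line in conf_text.

    For the database plugin the facility is its first argument ("log" or
    "alert"); alert_* and log_* plugins imply theirs from the name.
    """
    outputs = []
    for line in conf_text.splitlines():
        m = OUTPUT_RE.match(line)
        if not m:
            continue
        plugin, rest = m.group(1), m.group(2)
        args = [a.strip() for a in rest.split(",") if a.strip()]
        if plugin == "database":
            facility = args[0] if args else None
        elif plugin.startswith("alert_"):
            facility = "alert"
        elif plugin.startswith("log_"):
            facility = "log"
        else:
            facility = None                   # unknown plugin: cannot judge
        outputs.append((plugin, facility, args))
    return outputs


def find_dead_outputs(cmdline, conf_text):
    """Return (plugin, facility) for each output plugin that can never receive data."""
    off = disabled_facilities(cmdline)
    return [(p, f) for p, f, _ in parse_outputs(conf_text) if f in off]


# Constructed sample: the command line from the thread and a conf fragment
# that mirrors the 'database: using the "log" facility' startup banner.
SAMPLE_CMDLINE = "/usr/local/bin/snort -c /var/snort/snort.conf -N"
SAMPLE_CONF = """\
# constructed snort.conf fragment (placeholder credentials)
output database: log, mysql, user=ids password=changeme dbname=snortdb host=192.168.69.5
output alert_fast: /var/log/snort/alert
"""
# Roman's fix: bind the database plugin to the alert facility instead.
FIXED_CONF = SAMPLE_CONF.replace("database: log,", "database: alert,")

if __name__ == "__main__":
    for label, conf in (("as posted", SAMPLE_CONF), ("fixed", FIXED_CONF)):
        dead = find_dead_outputs(SAMPLE_CMDLINE, conf)
        print(f"{label}: {dead or 'every output plugin is reachable'}")
```

Run it as-is and the "as posted" case reports the database plugin as dead on the log facility, while the "fixed" case reports nothing; the equivalent check without a script is the startup banner line `database: using the "log" facility`, which should read `alert` whenever -N is on the command line. The script only checks the command line against the conf file; it cannot tell you whether the rules that fired were alert or log rules, which is the other reason a facility can stay empty.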