[Snort-users] mySQL is built

Garreth Jeremiah g.jeremiah at ...530...
Mon May 21 22:26:21 EDT 2001


Well, that was not fun.

I rebuilt SNORT with mysql enabled, and built mysql (that was not fun at all). I am trying to log to syslog at the same time; not knowing what facilities SNORT supports, I configured
alert_syslog: LOCAL6 LOG_LOCAL6 LOG_AUTH etc

Note that I used LOCAL6 and LOG_LOCAL6.

But for some reason - with my prior build (without database support) I had no problems and alerts were logged according to my local6 syslog directive (/security/log/snort_log/alert), but now (with the same snort.conf file) only the default (/var/log/messages) receives the alerts. Any ideas?

As stated, I now have it hopefully logging to mysql... but I don't know diddley 'bout databases. Is there any way I can query the database to ensure that alerts are being written in there? Do I need to use ACID? Any other tools?

Many thanks

Garreth J Jeremiah


--==|| The light at the end of the tunnel is often a train ||==--