[Snort-users] mySQL is built
g.jeremiah at ...530...
Mon May 21 22:26:21 EDT 2001
Well, that was not fun.
I rebuilt SNORT with mysql enabled, and built mysql (that was not fun at all). I am trying to log to syslog at the same time; not knowing what facilities SNORT supports, I configured
alert_syslog: LOCAL6 LOG_LOCAL6 LOG_AUTH etc
note that I used LOCAL6 and LOG_LOCAL6
but for some reason - with my prior build (without database support) I had no problems and alerts were logged according to my local6 syslog directive (/security/log/snort_log/alert), but now (with the same snort.conf file) only the default (/var/log/messages) receives the alerts. Any ideas?
As stated, I now have it hopefully logging to mysql... but I don't know diddley 'bout databases. Is there any way I can query the database to ensure that alerts are being written in there? Do I need to use ACID? Any other tools?
Garreth J Jeremiah
--==|| The light at the end of the tunnel is often a train ||==--