[Snort-users] Oracle Database Table Explanation

Ray Seals rseals at ...2137...
Tue May 29 17:24:10 EDT 2001


Snort v 1.7

Snort is logging to the database but it's not putting anything in the event
table.

Snort is adding stuff to the IPHDR, ICMPHDR, IPHDR, TCPHDR and UDPHDR files
respectively.
Snort is also adding rows to the DATA table.

Yes, I have one entry in the sensor table which correctly states the
hostname, interface, and the detail and encoding I specified in the snort.conf
file.

Ray

-----Original Message-----
From: roman at ...438... [mailto:roman at ...438...]
Sent: Tuesday, May 29, 2001 12:11 PM
To: rseals at ...2137...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Oracle Database Table Explanation


Ray,

> When snort generates
> a detect it puts the header files into the appropriate tables but I never
> get the snort_events table updated.

What version of Snort?

I'm not sure what you mean by this statement.  "Header files"?
So is snort logging to the database or not?  A row should be
added to the "event" table for every triggered alert.

> This table references a signatures
> table but that table is empty also.

If both the signature and event table are empty then Snort
is definitely not logging to the database?  Any entries in the
"sensor" table?

Roman

