[Snort-users] MySql Question

Guillaume guillaume at ...4029...
Sun Nov 11 07:08:03 EST 2001


En réponse à olliecat <olliecat at ...1409...>:

> I am logging to mysql just fine and I would rather not log anywhere
> else.  How can I do this?  I also noticed, when starting from the
> command line, I must specify a log file path otherwise I get:
> 
> "[!] ERROR: Can not get write access to logging directory
> "/var/log/snort".
> (directory doesn't exist or permissions are set incorrectly
> or it is not a directory at all)
> 
> Fatal Error, Quitting.."
> 
> Its right, there is no /var/log/snort because I want everything in the
> mysql database.  Am I missing something?
> 
> Thanks.

Hi.

I noticed quite the same thing: I only use MySQL to log alerts and all snort's
outputs, but snort seems to need some place on th:e filesystem (like
/var/log/snort).
I also noticed that if, for a reason or antother, snort can not connect to the
MySQL DB anymore, it switches to filesystem logging, i.e. logging alerts in
/var/log/snort directory. I would prefer when using MySQL for logging that snort
just stops logging instead... or, better, be able to use a backup MySQL server.

Guillaume.

**********************************
Sent with HORDE/IMP




More information about the Snort-users mailing list