[Snort-users] mysql logging trouble

roman at ...438... roman at ...438...
Fri Oct 12 10:30:10 EDT 2001


The portscan pre-processor only outputs to the alert facility.  Modify the
database configuration to use alert instead of log:

output database: alert, mysql, user=user dbname=snort host=localhost

Roman

On Fri, 12 Oct 2001, Frontgate Lab wrote:
 
> 
> Hiya.. I'm asking this again in a separate email so that topics don't get
> confused:
> 
> How do I figure out why the snort alerts are not getting into my
> mysql database even when I have the following line in the snort.conf?
> 
> # database: log to a variety of databases
> # See the README.database file for more information about configuring
> output database: log, mysql, user=user dbname=snort host=localhost
> # output database: alert, postgresql, user=snort dbname=snort
> # output database: log, unixodbc, user=snort dbname=snort
> # output database: log, mssql, dbname=snort user=snort password=test
> # as databases or the network can now be avoided.  
> # and a mysql database.
> #   output database: log, mysql, user=snort dbname=snort host=localhost
> 
> When I do a process listing in mysql it seems that snort is no longer
> logged in from localhost after some time elapses. 
> 
> Also, has anyone figured out how to get portscans into the database?
> 
> 
> I have the following setup on redhat 7.1:
> 
> [root at ...3795... /root]# snort -V
> 
> -*> Snort! <*-
> Version 1.8.1-current (Build 79)
> By Martin Roesch (roesch at ...1935..., www.snort.org)
> 
> [root at ...3795... /root]# rpm -q MySQL
> MySQL-3.23.43-1
> 
> [root at ...3795... /root]# rpm -q MySQL-Max
> MySQL-Max-3.23.43-1
>  
> 
> ps ax | grep snort
>  4483 ?        S      0:28 snort -D -s -c /etc/snort/snort.conf -l /var/log/snor
> 15562 pts/3    S      0:00 grep snort
> 
> 
> Thank you :)
> 
> Madhav

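A small config check for the point in Roman's reply above, as an added example that is not part of the original thread: it parses snort.conf text and flags a database output left on the `log` facility while the portscan preprocessor is enabled. The sample config (including the preprocessor line) is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample config (not from the thread): the preprocessor line is an
# assumed example; the output line mirrors the setting quoted in the question.
SAMPLE_CONF = """\
# snort.conf excerpt (constructed)
preprocessor portscan: $HOME_NET 4 3 portscan.log
# output database: alert, postgresql, user=snort dbname=snort
output database: log, mysql, user=user dbname=snort host=localhost
"""

OUTPUT_RE = re.compile(r"^output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$", re.I)
PREPROC_RE = re.compile(r"^preprocessor\s+([\w-]+)", re.I)


def parse_conf(text):
    """Return (enabled preprocessors, active database outputs) from config text."""
    preprocessors, outputs = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are inactive
        m = PREPROC_RE.match(line)
        if m:
            preprocessors.add(m.group(1).lower())
            continue
        m = OUTPUT_RE.match(line)
        if m:
            facility, dbtype, rest = m.groups()
            params = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
            outputs.append({"line": lineno, "facility": facility.lower(),
                            "dbtype": dbtype.lower(), "params": params})
    return preprocessors, outputs


def lint(text):
    """Warn when portscan is enabled but no database output uses 'alert'."""
    preprocessors, outputs = parse_conf(text)
    findings = []
    if "portscan" in preprocessors and outputs:
        if not any(o["facility"] == "alert" for o in outputs):
            for o in outputs:
                findings.append(f"line {o['line']}: database output uses "
                                f"'{o['facility']}'; portscan alerts will not reach {o['dbtype']}")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF) or ["ok"]:
        print(finding)
```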
