[Snort-users] mysql logging trouble
roman at ...438...
Fri Oct 12 10:30:10 EDT 2001
The portscan pre-processor only outputs to the alert facility. Modify the
database configuration to use alert instead of log:
output database: alert, mysql, user=user dbname=snort host=localhost
On Fri, 12 Oct 2001, Frontgate Lab wrote:
> Hiya.. I'm asking this again in a separate email so that topics don't get
> How do I figure out why the snort alerts are not getting into my
> mysql database even when i have the following line in the snort.conf?
> # database: log to a variety of databases
> # See the README.database file for more information about configuring
> output database: log, mysql, user=user dbname=snort
> # output database: alert, postgresql, user=snort dbname=snort
> # output database: log, unixodbc, user=snort dbname=snort
> # output database: log, mssql, dbname=snort user=snort
> # as databases or the network can now be avoided.
> # and a mysql database.
> # output database: log, mysql, user=snort dbname=snort
> When I do a process listing in mysql it seems that snort is no longer
> logged in from localhost after some time elapses.
> Also has anyone figured out how to get portscans into the database?
> I have the following setup on Red Hat 7.1:
> [root at ...3795... /root]# snort -V
> -*> Snort! <*-
> Version 1.8.1-current (Build 79)
> By Martin Roesch (roesch at ...1935..., www.snort.org)
> [root at ...3795... /root]# rpm -q MySQL
> [root at ...3795... /root]# rpm -q MySQL-Max
> ps ax | grep snort
> 4483 ? S 0:28 snort -D -s -c /etc/snort/snort.conf -l
> 15562 pts/3 S 0:00 grep snort
> Thank you :)
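A small check for the mismatch described in the reply above, as an added example that is not part of the original thread or of Snort itself. It reads a snort.conf, collects the active "output database:" lines, and reports when the portscan preprocessor is enabled but no database output is attached to the alert facility. The "preprocessor portscan:" line in the sample is an assumption (the thread does not show it), and the function names are hypothetical.

```python
import re

# Constructed sample based on the configuration quoted in the thread.
# Assumption: the "preprocessor portscan" line is not shown in the thread.
SAMPLE_CONF = """\
preprocessor portscan: $HOME_NET 4 3 portscan.log
# output database: alert, postgresql, user=snort dbname=snort
output database: log, mysql, user=user dbname=snort
"""

OUTPUT_RE = re.compile(r"^output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$", re.I)
PREPROC_RE = re.compile(r"^preprocessor\s+portscan\s*:", re.I)


def parse_conf(text):
    """Return (portscan_enabled, [(lineno, facility, dbtype, params), ...])."""
    portscan, outputs = False, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and commented-out lines
            continue
        if PREPROC_RE.match(line):
            portscan = True
        m = OUTPUT_RE.match(line)
        if m:
            params = dict(p.split("=", 1) for p in m.group(3).split() if "=" in p)
            outputs.append((lineno, m.group(1).lower(), m.group(2).lower(), params))
    return portscan, outputs


def check(text):
    """Flag database outputs that will never receive portscan events."""
    portscan, outputs = parse_conf(text)
    # Nothing to report if portscan is off or some database output uses 'alert'.
    if not portscan or any(facility == "alert" for _, facility, _, _ in outputs):
        return []
    return [
        f"line {lineno}: {dbtype} output is on the '{facility}' facility; "
        "portscan events go to 'alert' only"
        for lineno, facility, dbtype, _ in outputs
    ]


if __name__ == "__main__":
    for finding in check(SAMPLE_CONF):
        print(finding)
```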