[Snort-users] Snort logging
bamm at ...539...
Mon Dec 30 07:45:06 EST 2002
Try using 'alert' vice 'log' for inserting events into the DB (ie:
output database: alert, mysql,dbname=xxx user=xxx password=xxx
hostname=127.0.0.1) and then starting snort w/the -b option for binary
logging to /var/log/snort.
On Mon, 2002-12-30 at 08:32, Sasa Jusic wrote:
> My name is Sasa and I heve recently joined to this mailing list, which I
> find very interesting and usefull.
> I have some experience in running Snort, but I am still learning and testing
> its capabilities. I think it is great product, and that it is very usefull
> for network monitoring and intrusion detection.
> Right now I'm using Snort 1.9.0 as IDS system on our network, and it is is
> configured for MySQL database logging (output database: log, mysql,
> dbname=xxx user=xxx password=xxx hostname=127.0.0.1). For data analysis and
> system monitoring I am using Snortsnarf in combination with ACID, and it
> works just fine.
> But, there is one thing bothering me, and I don't now where is the problem.
> In my /var/log/snort dir there is no other logs expect portscan.log and
> alerts log files.
> Snort logs its data to MySQL database but there is no logs in
> I'm running Snort with following arguments:
> snort -de -h xxx.xxx.xxx.xxx -l /var/log/snort -c /etc/snort/snort.conf
> In my conf file I just configured MySQL output plugin, as stated before (I
> can't see any other parameter in snort.conf which could influence on this
> I thought it will by default log normaly to /var/log/snort, beside logging
> to MySQL database.
> How can I configure Snort to log data at MySQL database and /var/log/snort
> dir at the same time?
> Thanks for help,
> Sasa Jusic,
> e-mail: sasa.jusic at ...7849...
> Laboratory for Systems and Signal, FER
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Bamm Visscher <bamm at ...539...>
More information about the Snort-users