[Snort-users] Not logging to mysql db - Help needed

Jeff Newton Jeff_Newton at ...4280...
Wed Jan 2 14:17:09 EST 2002


I think I have everything set up correctly for logging to a mysql db but
nothing is written to the db, only locally to /var/log/snort.  I would
appreciate any suggestions.  Not sure how to troubleshoot this...

Here is the set up:

Recon - the sensor has the following installed:

snort-mysql+flexresp-1.8.3-5.i386.rpm
mysql-3.23.41-1.i386.rpm
mysqlclient9-3.23.22-6.i386.rpm
mysql-devel-3.23.41-1.i386.rpm

The output plugin for /etc/snort/snort.bastion.conf is

output database: log, mysql, user=snort password=XXXX dbname=snort host=pointman sensor_name=recon

Snort is called via:

/usr/sbin/snort -i eth1 -D -c /etc/snort/snort.bastion.conf -b -o -A fast -z est

Pointman - the mysql db host has the following installed:

mysql-3.23.41-1.i386.rpm
mysqlclient9-3.23.22-6.i386.rpm
mysql-devel-3.23.41-1.i386.rpm


The following (from the sensor) indicates the mysql db seems to be
working:

# mysql -u snort -h pointman -p snort
Enter password: 
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 3.23.41

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> status
--------------
mysql  Ver 11.15 Distrib 3.23.41, for redhat-linux-gnu (i386)

Connection id:          1
Current database:       snort
Current user:           snort at ...4448...
Current pager:          stdout
Using outfile:          ''
Server version:         3.23.41
Protocol version:       10
Connection:             pointman via TCP/IP
Client characterset:    latin1
Server characterset:    latin1
TCP port:               3306
Uptime:                 28 sec

Threads: 1  Questions: 23  Slow queries: 0  Opens: 25  Flush tables: 1  Open tables: 19  Queries per second avg: 0.821
--------------

mysql> show tables; 
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
19 rows in set (0.00 sec)


-- 
Jeff Newton
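The queries below are an added diagnostic example, not part of the original post. Connectivity and the table list only prove that the MySQL account works; they do not show whether Snort's database output plugin ever initialised or wrote a row. Run these on pointman as the snort user. Column names (sensor.hostname, sensor.interface, sensor.last_cid, event.sid/cid/signature/timestamp, signature.sig_id/sig_name, schema.vseq/ctime) are assumed from the create_mysql schema shipped with Snort 1.8.x; check them with DESCRIBE if your schema differs.

```sql
-- Added diagnostic queries (not from the original post). Column names assume
-- the Snort 1.8.x create_mysql schema; verify with DESCRIBE <table> if unsure.

-- 1. Did the database output plugin ever register this sensor?
--    The plugin inserts a sensor row when it initialises; the
--    sensor_name=recon value from snort.conf should appear in hostname.
--    No row at all means the plugin never got as far as a working
--    connection, so the problem is on the sensor side, not in MySQL.
SELECT sid, hostname, interface, last_cid
  FROM sensor;

-- 2. If a sensor row exists, has it logged anything?
--    last_cid is the per-sensor event counter the plugin advances;
--    a row with 0 events means "connected, but nothing handed to the plugin".
SELECT s.sid, s.hostname,
       COUNT(e.cid)     AS events,
       MAX(e.timestamp) AS last_event
  FROM sensor s
  LEFT JOIN event e ON e.sid = s.sid
 GROUP BY s.sid, s.hostname;

-- 3. Most recent events with their signature names, to confirm that what
--    is arriving is the traffic you expect from this sensor.
SELECT e.timestamp, s.hostname, sig.sig_name
  FROM event e
  JOIN sensor    s   ON s.sid    = e.sid
  JOIN signature sig ON sig.sig_id = e.signature
 ORDER BY e.timestamp DESC
 LIMIT 20;

-- 4. Schema version the tables were created from; the plugin compares
--    this at startup with the version it was built against.
--    (On MySQL 3.23 "schema" is an ordinary table name; from MySQL 5.0.2
--    onward SCHEMA is a reserved word and must be written as `schema`.)
SELECT vseq, ctime
  FROM schema;
```

If query 1 returns no row, start snort once in the foreground (drop -D) and read the output-plugin initialisation messages rather than looking at the network. One thing to watch for there: in Snort 1.x the -A and -b command-line switches set the alert and log "command line override" flags, so the alert and log output plugins in the rules file are skipped and snort prints a message saying the command line overrides the rules-file plugins. Under -D that message is easy to miss, and the invocation above uses both -b and -A fast.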