[Snort-users] snort not logging to mysql

Cary Mathews scattered at ...4621...
Wed Jan 23 11:26:09 EST 2002


(yes I read the FAQ)
I'm running snort-1.8.3 on a BSD/OS 4.x i383 machine.
   	A1: You did not set up the database plugin in your configuration file.
==>from my snort.conf:
output database: log, mysql, user=snort password=*** dbname=snort
host=localhost

	A2: You are using an older database schema, and should update it by
running the create scripts from the /contrib directory.
==>I did this.

	A3: You are using a command line option that overrides what you have in
your configuration file.  This is most often -A or -s.  NOTE: If you wish
to log to syslog as well, specify so in your configuration file rather
then the command line.
==>my command line options (will eventually want to run as a daemon):
/acu/snort/mysql/bin/snort -P 1514 -c /acu/snort/rules/snort.conf

	A4: There is a problem with your database configuration itself.
Make sure the user you specify has the correct permissions, or that the
database is even up and running.
==>I've inserted tables, selected items from the table, and deleted tables
(none of the ones created by the create_mysql script).  And mysql is
running, because I was able to to the creation and selects and inserts.

I even tried recompiling the program using these options (I'm using
BSD/OS 4.x):
./configure --with-mysql=/usr/contrib/lib/mysql --prefix=/acu/snort/mysql
make
make install

But the output of the startup is:
database: compiled support for ( )
database: configured to use mysql
database: mysql support is not compiled in this copy
 Check your configuration file to be sure you did not mis-spell "mysql".
 If you did not, you will need to reconfigure and recompile ensuring that
 you have set the correct options to the configure script. Type
 "./configure --help" to see options for the configure script.
Fatal Error, Quitting..

Any help will be greatly appreciated.

--Cary
PS - cc: please, as my subscribe message got stuck because of administriva
(I put subscribe in the subject and body :( )






More information about the Snort-users mailing list