[Snort-users] PureSecure is crazy

Ian Macdonald secsnort at ...5528...
Tue Jun 18 07:19:02 EDT 2002


They introduced a couple extra arguments in the mysql output module to help
solve this problem. In the snort.conf file make sure you have on the output
line sensor_name=YOURSENSOR and sid=YOURSENSORID. My looks like

output database: alert, mysql, user=snort dbname=snort
sensor_name=SENSOR-NIC2 sid=1 password=SNORTPASSWORD host=localhost


hope this helps

Ian
----- Original Message -----
From: "François Jan" <fjan at ...143...>
To: <snort-users at lists.sourceforge.net>
Sent: Monday, June 17, 2002 5:48 PM
Subject: [Snort-users] PureSecure is crazy


> Hi,
>
> I tried to find the answer on this mailing-list but nobody seems to have
> ran into the same problem as me so I'm gonna explain it in hope somebody
> has a solution.
>
> I upgraded from demarc 1.05 to PureSecure 1.6 on a redhat 7.3.
> I run snort on ppp0 on one server and the console on another computer.
>
> When I first started, I noticed a sensor I didn't know of. I deleted it
> through the console but it keeps coming back with increasing sensor id.
> I looked into MySQL but couldn't understand where this sensor comes
> from.
>
> Since my psd.conf indicates sensorid = 1, I began to think about psd not
> using psd.conf. Another point : if I change snort options in this same
> file and I restart psd, it doesn't care about my options and uses the
> "-o -N" default.
>
> my psd.conf file is in the place it should be
> (/usr/local/puresecure/sensor/conf) and I really don't have a clue where
> to start from.
>
> Thanks.
>
>
> --
> François Jan <fjan at ...143...>
>
>
> --------------------------------------------------------------------------
--------------------------
>                                      Sponsor's Message
> --------------------------------------------------------------------------
--------------------------
>                       Bringing you mounds of caffeinated joy
>                          >>>     http://thinkgeek.com/sf    <<<
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list
>





More information about the Snort-users mailing list