[Snort-users] Problems with logging

Victor Usjanov victor at ...5041...
Fri Mar 8 00:15:05 EST 2002


Hello

I have snort and demarc running here. Everything worked just fine before i
have installed guardian (a script that uses snort logs to update firewall
rules). When i have installed guardian i had to add -s option to snort, to
get snort logs to syslog. But it seems that snort stops to log to mysql
database when i use -s option. I see that snort generates new alerts ( they
apperar in /var/log/messages and in alert and in portscan and alert log
files), but nothing new comes up in demarc.  Here is what i get when i start
demarc:

snort is NOT running
Attempting to start snort
WARNING: command line overrides rules file alert plugin!
Checking if snort is running at PID: 11267
PS output:   PID TTY      STAT   TIME COMMAND
11267 pts/0    S      0:00 /usr/local/bin/snort -o -q -s -c
/usr/local/demarc/conf/snor.conf

Someone has any idea how i can fix it ? ( to log to both mysql and syslog)

--
Victor






More information about the Snort-users mailing list