Re: [Snort-users] Snort correctly logging to MySQL

Juergen.Deitermann at ...6973... Juergen.Deitermann at ...6973...
Tue Sep 24 01:13:02 EDT 2002

output database: alert, mysql, user=snort password=snort dbname=snort
in addition to the log-entry in snort.conf.


-----Original Message-----
From: Al.Wever at ...3765... [mailto:Al.Wever at ...3765...]
Sent: Monday, 23 September 2002 18:28
To: snort-users at
Subject: [Snort-users] Snort correctly logging to MySQL

Hello all,
I have been using Snort successfully for some time now as a backup IDS to
our primary systems.  Now that we have some free equipment I decided to
install Snort on a Win2K server as a test.  Along with that I have
installed MySQL and ACID on an IIS server to see what the performance
issues would be like.  So far I am very impressed, so impressed that I am
about to give our primary IDS a boot out the door, but... I can't.
During the testing phase I noticed the log file alert.ids was expanding
considerably.  After further investigation I have noticed that there are
alerts residing in the log file that are not in the MySQL database.  For
example, WEB-CGI phf access and WEB-MISC /etc/passwd.  Our primary IDS did
pick up on these attacks, but Snort has not transferred them into the ACID
Does anyone have any thoughts as to why they were never sent to the MySQL

Thanks in advance
Best regards,
Al Wever

Config info:

output database: log, mysql, user=snort password=snort dbname=snort

Used to start Snort as a service.
snort -c c:\snort\snort.conf -l c:\snort\logs -i2
