AW: [Snort-users] Snort correctly logging to MySQL

Juergen.Deitermann at ...6973... Juergen.Deitermann at ...6973...
Tue Sep 24 01:13:02 EDT 2002


Hi,
try
output database: alert, mysql, user=snort password=snort dbname=snort
host=localhost
in addition to the log-entry in snort.conf.

Regards
Juergen

-----Ursprüngliche Nachricht-----
Von: Al.Wever at ...3765... [mailto:Al.Wever at ...3765...]
Gesendet: Montag, 23. September 2002 18:28
An: snort-users at lists.sourceforge.net
Betreff: [Snort-users] Snort correctly logging to MySQL


Hello all,
I have been using Snort successfully for some time now as a backup IDS to
our primary systems.  Now that we have some free equipment I decided to
install Snort on a Win2K server as a test.  Along with that I have
installed MySql and ACID on an IIS server to see what the performance
issues would be like.  So far I am very impressed, so impressed that I am
about to give our primary IDS a boot out the door, but... I cant.
During the testing phase I noticed the log file alert.ids was expanding
considerably.  After further investigation I have noticed that there are
alerts residing in the log file that are not in the MySQL database.  For
example, WEB-CGI phf access and WEB-MISC /etc/passwd.  Our primary IDS did
pickup on these attacks, but Snort has not transferred them into the ACID
database.
Does anyone have any thoughts as to why they were never sent to the MySQL
database?

Thanks in advance
Best regards,
Al Wever


Config info:

Snort.conf
output database: log, mysql, user=snort password=snort dbname=snort
host=localhost

Used to start Snort as a service.
snort -c c:\snort\snort.conf -l c:\snort\logs -i2



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list