[Snort-users] Question about Snort/ACID/MySQL and how they play together

Michael Steele michaels at ...155...
Wed Apr 23 22:20:20 EDT 2003


Jacob,

My documentation had a leftover from 1.8.x days. You can remove the 'output
database log..' line.

The 'output database alert .' will do both, log and alert.

I'm not real sure but I think you have to remove the -A fast.

 -Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels at ...155...
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Snow Jacob C
KPWA
Sent: Wednesday, April 23, 2003 10:48 AM
To: 'snort-users at lists.sourceforge.net'; 'Michael Steele'
Subject: [Snort-users] Question about Snort/ACID/MySQL and how they play
together

 

Just a curious question when you have:

output database: log, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1

output database: alert, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1

in the snort.conf file will you get alerts in the log file as well?

I have installed the service with:

snort /service /install -o -A fast -l d:/applications/snort/log -c d:/applications/snort/etc/snort.conf -d -i3

when I run this from the command prompt (minus the /service and /install and
with the output line removed in snort.conf) it works well and gives me
alerts and all is well with the world, but when I add the output lines back
in hoping to get it to log the alerts to a database, I get no alerts in the
database, but I do get them in the log folder.  I have checked to make sure
I am getting a connection to the database with: telnet <database comp name>
3306 and get the funny line of characters and such (aka doesn't puke).

I am wondering why none of my alerts are going to the database, but are
instead going to the log folder?  Anyone have any ideas or do you need more
information or anything.

Thank you,

Jacob Snow
jacobsc at ...160...
(360)315-3487
NAVSEA Intern
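
A pre-flight check for the setup discussed in this thread, as an added example that is not part of either message: it flags the two things the reply suggests removing, a command-line alert mode such as `-A fast` used together with `output database` lines, and a `log` line that duplicates the `alert` line for the same database. The function names and the set of switches treated like `-A` are assumptions for illustration; the inputs are the lines quoted in the question.

```python
import re

# Constructed inputs: the snort.conf lines and service command from the question.
SNORT_CONF = """\
output database: log, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1
output database: alert, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1
"""
SERVICE_CMD = ("snort /service /install -o -A fast -l d:/applications/snort/log "
               "-c d:/applications/snort/etc/snort.conf -d -i3")

# Assumption: -s (syslog) and -b (binary log) are treated like -A here,
# as switches that pick an alert/log mode on the command line.
OUTPUT_MODE_FLAGS = {"-A", "-s", "-b"}

OUTPUT_RE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,\s*(.*)$")

def database_outputs(conf_text):
    """Return (facility, dbtype, params) for each active 'output database' line."""
    found = []
    for line in conf_text.splitlines():
        m = OUTPUT_RE.match(line)  # lines commented out with '#' do not match
        if m:
            params = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
            found.append((m.group(1).lower(), m.group(2).lower(), params))
    return found

def review(conf_text, cmdline):
    """List the points from the reply that apply to this conf and command line."""
    findings = []
    outputs = database_outputs(conf_text)
    # t[:2] also catches a switch written without a space, e.g. "-Afast".
    flags = [t for t in cmdline.split() if t[:2] in OUTPUT_MODE_FLAGS]
    if outputs and flags:
        findings.append("command-line " + " ".join(flags) + " alongside output database")
    # Group facilities by destination so only true duplicates are reported.
    targets = {}
    for facility, dbtype, p in outputs:
        key = (dbtype, p.get("host"), p.get("dbname"), p.get("sensor_name"))
        targets.setdefault(key, set()).add(facility)
    for key, facilities in targets.items():
        if {"log", "alert"} <= facilities:
            findings.append("log and alert both write to %s db %s" % (key[0], key[2]))
    return findings

if __name__ == "__main__":
    for finding in review(SNORT_CONF, SERVICE_CMD):
        print(finding)
```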

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030423/0747c788/attachment.html>

