[Snort-users] Mysql question

David Markle davidmarkle at ...5068...
Fri Apr 25 14:30:03 EDT 2003

A couple of things could be hassling you.

The first this is to validate that the snort RPM you got was compiled
with --with-mysql=<dir>.  If it was not, thats your problem.  If it was in
there, then:

I do not want to insult your intelligence, but there could be several minor
things wrong here.  I am just guessing though.

1. Assuming by the host= its a remote mysql db ???  If not use
2. Make sure that the DB "SNORT" you created in mysql is correct.  MySQL is
case sensitive !!
3. I also assume that you created a user in mysql called "snort" with a
password of "snort".  If not, you'll need to use the default root acct in
4. ACID also needs some mysql configuration modifications for the front end
to work properly.

My Snort output plug for mysql is as follows:
output database: log, mysql, user=root password=<mypasswd> dbname=snort
host=localhost encoding=hex detail=Full

Hope this helps.

-----Original Message-----
From: Jared Raddigan [mailto:jraddigan at ...9023...]On Behalf Of
jared at ...9023...
Sent: Friday, April 25, 2003 4:54 PM
To: davidmarkle at ...5068...
Subject: RE: [Snort-users] Mysql question

Oops I thought I put that in. Here is my snort.conf file settings:

output database: log, mysql, user=snort password=snort dbname=SNORT

Everything else is was left pretty much default.



-----Original Message-----
From: David Markle [mailto:davidmarkle at ...5068...]
Sent: Friday, April 25, 2003 1:21 PM
To: jared at ...9023...; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Mysql question

What is you output plugin line for database giving this error ???

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of
jared at ...9023...
Sent: Friday, April 25, 2003 4:08 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Mysql question

I am trying to get snort to work with mysql.

I am running

With everything installed from RPM's. Snort seems to be working good until
modify the snort.conf file to have this:

WARNING: unknown output plugin: 'database'1310 Snort rules read...
1310 Option Chains linked into 139 Chain Headers
0 Dynamic rules

This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list