[Snort-users] snort ?> mysql

Roger Brown roger.brown at ...9881...
Mon Aug 25 12:05:23 EDT 2003

I'm connecting to a remote;  thanks for the -T switch; here's what I came up with.
It looks like I have a problem with the mysql build - I tried the ./configure and didn't get any errors but I still get the message below:

telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119 
database: compiled support for ( )
database: configured to use mysql
database: 'mysql' support is not compiled into this build of snort

ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.

If this build of snort was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..

>>> Edin Dizdarevic <edin.dizdarevic at ...7509...> 08/21/03 10:40AM >>>


Are you connecting to localhost or the remote one?

If it is a remote host you can try "netstat -nap" to see
if Snort is connecting. You should see something like this:

tcp 0 0   ESTABLISHED -

Run Snort with the "-T" switch:

snort -c /etc/snort.conf -i eth0 -T

and post the results here...



Roger Brown wrote:
> Nothing in the logs that stands out to me - since snort is starting
> up ok I'm not sure what to be looking for.
>>>> Ralf Spenneberg <lists at ...9778...> 08/15/03 01:00AM >>>
> Am Fre, 2003-08-15 um 01.08 schrieb Roger Brown:
>> From the snort box I did a > mysql -u snort -p --host=
>>  and it connected ok
>> From the mysql database server I did a $ echo "SELECT count(*) FROM
>>  event" | snort -u root -p
>> and got a count (*) of 0
>> Below is a insert of my snort.conf file output database: log,
>> mysql, user=snort password=mypass dbname=snort host=
> Any hint in the snort logs when starting up?
> Cheers,
> Ralf

Edin Dizdarevic
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030825/c5ca513a/attachment.html>

More information about the Snort-users mailing list