[Snort-users] [snort-mysql] logging OK to logfile, not to mysql database

Michel Christophe tofm2 at ...1855...
Wed Dec 3 10:49:02 EST 2003


I am desperately trying to log snort output to a mysql database (dual
logging across a vpn will come later). Snort logging to its classical
log files (/var/log/snort/snortfiles; I am running Mandrake) works
perfectly. But the recently created mysql 'snort' database remains
desperately empty, although I have had a number of alerts since that time.

The snort database was created according to the snort-2.0.1 documentation as

% echo "CREATE DATABASE snort;" | mysql -u root -p

Then, logging in to mysql as the mysql root user, I made the following
privilege changes on the snort database:

mysql> grant INSERT,SELECT on snort.* to snortusr at ...274...;
Query OK, 0 rows affected (0.04 sec)

mysql> grant INSERT,SELECT,UPDATE on snort.sensor to snortusr at ...274...;
Query OK, 0 rows affected (0.01 sec)

As you see, no errors were seen.

Afterwards, I created the snort database structure, as root, using
the /usr/share/doc/snort-2.0.1/create_mysql script, with no errors in
the output.

Of course, both snort and mysql have been restarted afterwards.

But still no logging at all: the snort db remains empty, although text
logging in /var/log/snort goes on.

Here is the corresponding /etc/snort.conf section:

output log_tcpdump: tcpdump.log
output database: log, mysql, user=snortusr password=XXXX dbname=snort
host=localhost encoding=hex detail=full

Can I keep logging to files while using MySQL at the same time? Can
this lead to errors?

Here are the versions of the software I use:


Thanks for clues.

Michel Christophe <tofm2 at ...1855...>
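
An added example, not part of the original message or of Snort: a small check of the "output database" directive quoted above, which appears in the post wrapped over two lines. It assumes that a snort.conf directive occupies one logical line (continued with a trailing backslash) and that dbname= is needed; the function names are hypothetical.

```python
import re

# Constructed sample: the two output lines from the post, wrapped as they appear there.
SAMPLE_CONF = """\
output log_tcpdump: tcpdump.log
output database: log, mysql, user=snortusr password=XXXX dbname=snort
host=localhost encoding=hex detail=full
"""

DB_OUTPUT = re.compile(r"output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,\s*(.*)$")


def logical_lines(text):
    """Yield (first_line_number, text), merging lines that end in a backslash."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        start = n if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf.strip()


def check_database_outputs(text):
    """Return one dict per 'output database' directive, with any warnings found."""
    found, last = [], None
    for n, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        m = DB_OUTPUT.match(line)
        if m:
            params = dict(t.split("=", 1) for t in m.group(3).split() if "=" in t)
            last = {"line": n, "facility": m.group(1), "dbtype": m.group(2),
                    "params": params, "warnings": []}
            if "dbname" not in params:
                last["warnings"].append(f"line {n}: no dbname= parameter")
            found.append(last)
        elif last and all("=" in t for t in line.split()):
            # A line of bare key=value tokens right after the directive: a broken wrap.
            keys = ", ".join(t.split("=", 1)[0] for t in line.split())
            last["warnings"].append(f"line {n}: {keys} sit on their own line, "
                                    f"outside the directive on line {last['line']}")
        else:
            last = None
    return found


if __name__ == "__main__":
    for d in check_database_outputs(SAMPLE_CONF):
        print(d["line"], d["facility"], d["dbtype"], sorted(d["params"]), d["warnings"])
```

If the line break exists only in the e-mail and not in the file, the check reports all six parameters and no warning.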
