[Snort-users] [snort-mysql] logging OK to logfile, not to mysql database

Michel Christophe tofm2 at ...1855...
Wed Dec 3 10:49:02 EST 2003


Hello

I am desperately trying to log snort output to a mysql database (dual
logging across a vpn will come later). Snort logging to its classical
log files (/var/log/snort/snortfiles; I am running Mandrake) works
perfectly. But the recently created mysql 'snort' database remains
desperately empty although I have had a number of alerts since that time.

The snort database was created according to the snort-2.0.1 documentation as
follows:

% echo "CREATE DATABASE snort;" | mysql -u root -p

Then, logged in to mysql as the mysql root user, I made the following
privilege changes on the snort database:

mysql> grant INSERT,SELECT on snort.* to snortusr at ...274...;
Query OK, 0 rows affected (0.04 sec)

mysql> grant INSERT,SELECT,UPDATE on snort.sensor to snortusr at ...274...;
Query OK, 0 rows affected (0.01 sec)

As you see, no errors were seen.

Afterwards, I created the snort database structure, as root, using
the /usr/share/doc/snort-2.0.1/create_mysql script, with no errors in
the output.

Of course, both snort and mysql have been restarted afterwards.

But still no logging at all: the snort db remains empty, although text
logging in /var/log/snort goes on.

Here is the corresponding /etc/snort.conf section:
(...)
output log_tcpdump: tcpdump.log
(...)
output database: log, mysql, user=snortusr password=XXXX dbname=snort
host=localhost encoding=hex detail=full
(...)
Can I keep logging to files while using MySQL at the same time? Can
this lead to errors?

Here are the versions of the software I use:

MySQL-common-4.0.11a-5.1mdk
MySQL-client-4.0.11a-5.1mdk
MySQL-4.0.11a-5.1mdk
libmysql10-3.23.56-1.4mdk
libmysql12-4.0.11a-5.1mdk
snort-2.0.0-2.1mdk
snort-mysql-2.0.0-2.1mdk

Thanks for clues.

-- 
Michel Christophe <tofm2 at ...1855...>