[Snort-users] [snort-mysql] logging OK to logfile, not to mysql database

Josh Berry josh.berry at ...10221...
Wed Dec 3 21:04:02 EST 2003


Have you tested running the snort instance without using daemon mode (-D)
and watching to see if snort complains?  If so, are you getting any errors
with snort?  Does it say that it has connected?

> Hello
>
> I am desperately trying to log snort output to a mysql database (dual
> logging across a vpn will come later). Snort logging to its classical
> log files (/var/log/snort/snortfiles; I am running Mandrake) works
> perfectly. But the recently created mysql 'snort' database remains
> desperately empty although I have had a number of alerts since that time.
>
> the snort database was created according to snort-2.0.1 documentation as
> follows:
>
> % echo "CREATE DATABASE snort;" | mysql -u root -p
>
> then, logging in to mysql as the mysql root user, I made the following
> privilege changes on the snort database:
>
> mysql> grant INSERT,SELECT on snort.* to snortusr at ...274...;
> Query OK,  rows affected (0.04 sec)
>
> mysql> grant INSERT,SELECT,UPDATE on snort.sensor to snortusr at ...274...;
> Query OK,  rows affected (0.01 sec)
>
> as you see, no errors were seen
>
> Afterwards, I have created the snort database structure, as root, using
> the /usr/share/doc/snort-2.0.1/create_mysql script, with no errors at
> the output
>
> of course, both snort and mysql have been restarted afterwards
>
> But still no logging, at all, the snort db remains empty, although text
> logging in /var/log/snort goes on
>
> here is the corresponding /etc/snort.conf section
> (...)
> output log_tcpdump: tcpdump.log
> (...)
> output database: log, mysql, user=snortusr password=XXXX dbname=snort
> host=localhost encoding=hex detail=full
> (...)
> Can I keep logging to files while using MySQL at the same time? Can
> this lead to errors?
>
> here are the versions of the software I use:
>
> MySQL-common-4.0.11a-5.1mdk
> MySQL-client-4.0.11a-5.1mdk
> MySQL-4.0.11a-5.1mdk
> libmysql10-3.23.56-1.4mdk
> libmysql12-4.0.11a-5.1mdk
> snort-2.0.0-2.1mdk
> snort-mysql-2.0.0-2.1mdk
>
> Thanks for clues.
>
> --
> Michel Christophe <tofm2 at ...1855...>
>


Thanks,
Josh Berry, CTO
LinkNet-Solutions
469-831-8543
josh.berry at ...10268...
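
A lint for the `output database:` directive quoted in the message above, added here as an example and not part of the original thread or of Snort itself. It assumes snort.conf joins lines that end in a backslash and checks the plugin's `log`/`alert`, `encoding` and `detail` values; the sample is constructed from the quoted excerpt, where it cannot be told whether the line wrap is in the real file or came from the mail client.

```python
import re

# Values documented for the Snort 2.x database output plugin.
FACILITIES = {"log", "alert"}
ENCODINGS = {"hex", "base64", "ascii"}
DETAILS = {"full", "fast"}
KV = re.compile(r"(\w+)=(\S+)")

def logical_lines(text):
    """Yield (first_line_no, text), joining backslash-continued lines (assumed)."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None

def lint_database_output(text):
    """Return [(line_no, message)] for problems in 'output database:' lines."""
    findings, after_db = [], False
    for n, line in logical_lines(text):
        if line.startswith("output database:"):
            after_db = True
            parts = [p.strip() for p in line.split(":", 1)[1].split(",", 2)]
            if len(parts) < 3:
                findings.append((n, "expected '<facility>, <dbtype>, <params>'"))
                continue
            opts = dict(KV.findall(parts[2]))
            if parts[0] not in FACILITIES:
                findings.append((n, "facility must be log or alert"))
            if "dbname" not in opts:
                findings.append((n, "dbname is missing"))
            for key, allowed in (("encoding", ENCODINGS), ("detail", DETAILS)):
                if key in opts and opts[key] not in allowed:
                    findings.append((n, f"unknown {key}"))
        else:
            # A bare key=value line right after the directive is not part of it.
            if after_db and KV.match(line):
                findings.append((n, "orphaned parameters; join to previous line"))
            after_db = False
    return findings

# Constructed sample modelled on the snort.conf excerpt quoted above.
WRAPPED = ("output log_tcpdump: tcpdump.log\n"
           "output database: log, mysql, user=snortusr password=XXXX dbname=snort\n"
           "host=localhost encoding=hex detail=full\n")
JOINED = WRAPPED.replace("dbname=snort\n", "dbname=snort \\\n")
```

`lint_database_output(WRAPPED)` reports line 3 as orphaned parameters, while `JOINED`, the same directive with a backslash continuation, produces no findings.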




