[Snort-users] [snort-mysql] logging OK to logfile, not to mysql database
josh.berry at ...10221...
Wed Dec 3 21:04:02 EST 2003
Have you tested running the snort instance without using daemon mode (-D)
and watching to see if snort complains? If so, are you getting any errors
with snort? Does it say that it has connected?
> I am desperately trying to log snort output to a mysql database (dual
> logging across a VPN will come later). Snort logging to its classical
> log files (/var/log/snort/snortfiles; I am running Mandrake) works
> perfectly. But the recently created mysql 'snort' database remains
> desperately empty although I had a number of alerts since that time.
> The snort database was created according to snort-2.0.1 documentation as
> % echo "CREATE DATABASE snort;" | mysql -u root -p
> Then, logging in to mysql as mysql-root user, I have done the following
> privilege changes on the snort database:
> mysql> grant INSERT,SELECT on snort.* to snortusr at ...274...;
> Query OK, rows affected (0.04 sec)
> mysql> grant INSERT,SELECT,UPDATE on snort.sensor to snortusr at ...274...;
> Query OK, rows affected (0.01 sec)
> As you see, no errors were seen.
> Afterwards, I have created the snort database structure, as root, using
> the /usr/share/doc/snort-2.0.1/create_mysql script, with no errors at
> the output.
> Of course, both snort and mysql have been restarted afterwards.
> But still no logging, at all, the snort db remains empty, although text
> logging in /var/log/snort goes on.
> Here is the corresponding /etc/snort.conf section:
> output log_tcpdump: tcpdump.log
> output database: log, mysql, user=snortusr password=XXXX dbname=snort
> host=localhost encoding=hex detail=full
> Can I keep logging to files while using MySQL at the same time? Can
> this lead to errors?
> Here are the versions of the software I use:
> Thanks for clues.
> Michel Christophe <tofm2 at ...1855...>
Josh Berry, CTO
josh.berry at ...10268...