[Snort-users] Using ACID AND SnortSnarf - How?

Ralf Henze Ralf-Chr.Henze at ...10740...
Thu Dec 11 15:31:59 EST 2003

I would like to use ACID with MySQL and SnortSnarf.
But when I run snort I have success in just one way:

1. /usr/local/bin/snort -i ppp0 -i eth1 -i eth0 -c /etc/snort/snort.conf  -l /var/log/snort/  \
    -A full -u ids -g ids -o -D 

    -A full: snort logs to the file /var/log/snort/alert
    and I can use SnortSnarf, but there is no logging to the MySQL database.

2. The same as under 1. but without "-A full / fast":
    snort is logging to MySQL, but there is no more output to /var/log/snort/alert
    and therefore I can't use SnortSnarf.

Use of the binary output configured in snort.conf:

output alert_unified: filename /var/log/snarf/alert, limit 128
output log_unified: filename /var/log/snarf/snort.log, limit 128

is not readable by the Perl script "snortsnarf.pl".

Any help?    
email: Ralf-Chr.Henze at ...10741...
