[Snort-users] Using ACID AND SnortSnarf - How?
Ralf-Chr.Henze at ...10740...
Thu Dec 11 15:31:59 EST 2003
I would like to use ACID with MySQL and SnortSnarf.
But when I run snort, I have success in just one way:

1.  /usr/local/bin/snort -i ppp0 -i eth1 -i eth0 -c /etc/snort/snort.conf -l /var/log/snort/ \
        -A full -u ids -g ids -o -D

    -A full: snort logs to the file /var/log/snort/alert
    and I can use SnortSnarf, but there is no logging to the MySQL database.

2.  The same as under 1., but without "-A full / fast":
    snort is logging to MySQL, but there is no more output to /var/log/snort/alert and
    therefore I can't use SnortSnarf.
The binary output configured in snort.conf:

    output alert_unified: filename /var/log/snarf/alert, limit 128
    output log_unified: filename /var/log/snarf/snort.log, limit 128

is not readable by the Perl script "snortsnarf.pl".
email: Ralf-Chr.Henze at ...10741...