[Snort-users] Snort Sensors + logging to MSSQL

Michael Steele michaels at ...155...
Thu Jan 16 08:50:05 EST 2003


I wouldn't think it would matter to Snort where you log to as long as the
correct criteria:

1) Snort for MSSQL logging is used
2) In snort.conf the output database line are configured properly
2) Proper schema for the database has been setup on your remote MSSQL
3) Snort has an unobstructed path to the database
4) Snort runs without any errors.

I think this is all that is required.

 Michael Steele | System Engineer / Support Technician     
 mailto:michaels at ...155...    
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of shreerang
Sent: Thursday, January 16, 2003 4:43 AM
To: emechler at ...7719...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort Sensors + logging to MSSQL

Thank You for the response,

Let me a bit more clear about what I am trying to describe.

I am trying to / have configured snort to log on to the MSSQL server which
sits on a 

WIndows System .  The DB has been configured with the proper schema . 

The only problem area is to get snort (residing on the Linux machine) to log
data/events to 

the WIndows MS SQL server.

I essentially am looking for some kind of bridge to get snort , log data to
the MS SQL 

I guess this info should be good enough.

Let me know if you have a solution.


---------- Original Message ----------------------------------
From: Erick Mechler <emechler at ...7719...>
Date: Wed, 15 Jan 2003 10:34:38 -0800

>:: I have edited the snort.conf file to enable the necessary changes to log
>:: to the MSSQL server.
>:: The SQL database has been configured and the necessary database had been

>:: created.
>:: Do i need to run/enable anything else in order to log to the SQL server?
>Nope.  In very simplistic terms:
>  1. Configure snort to log to MySQL
>  2. Configure your DB with the proper snort DB schema
>  3. Give the "snort" user (whatever you may chose to call it) permissions 
>     to write to the snort DB you configured in #2.
>  4. Let 'er rip.
>If you're asking why your setup doesn't work the way you expect, we're 
>going to need a bit more information to go on :)
>Cheers - Erick
>This SF.NET email is sponsored by: A Thawte Code Signing Certificate 
>is essential in establishing user confidence by providing assurance of 
>authenticity and code integrity. Download our Free Code Signing guide:
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

This SF.NET email is sponsored by: Thawte.com
Understand how to protect your customers personal information by
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache 
Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list