[Snort-users] postgresql

Bryan Irvine bryan.irvine at ...9066...
Wed Jul 2 11:56:14 EDT 2003


I ran this command (with my variables replaced for yours) and got an
error that postgres wasn't even compiled in!! eek! *Do'h!*

I did a recompile --with-postgresql and now it doesn't come back with
any errors.  I see these at start time


#######################
database: compiled support for ( postgresql )
database: configured to use postgresql
database:          user = admin
database: password is set
database: database name = snort
database:          host = monitor.horvitznewspapers.net
database:   sensor name = 192.233.103.186
database:     sensor id = 1
database: schema version = 106
database: using the "log" facility
#######################

*yay*

I have it running now, I will check back shortly to see if the db is
populating.

--Bryan

On Wed, 2003-07-02 at 11:29, Jason K. Boykin wrote:
> I'm using
> /usr/local/bin/snort -u snort -o -b -l /var/log/snort -d -D -i $INTERFACE -c /etc/snort/snort.conf
> Although I'm logging it to localhost.
> 
> snort.conf
> 
> Under alert_syslog: I've got
> output alert_fast: alert
> You could specify full here
> 
> Under database: I'm using
> output database: alert, postgresql, dbname=snort user=snort password=xxx host=localhost port=5432
> try changing host to the IP you're wanting to log to and the rest of the info
> needs to be correct.
> 
> Here is a snippet from pg_hba.conf that you will need to modify to allow your 
> snort machine to log to the database machine but it sounds like you already 
> did this.
> # Put your actual configuration here
> # ----------------------------------
> # This default configuration allows any local user to connect as any
> # PostgreSQL username, over either UNIX domain sockets or IP:
> local        all                                           trust
> host         all         127.0.0.1     255.255.255.255     trust
> 
> Hope this helps!
> 
> On Wednesday 02 July 2003 12:36 pm, Bryan Irvine wrote:
> > I'm trying to do remote logging with a postgresql db.
> >
> > I've configured postgres, and can log in remotely, all the tables have
> > been created (via the create_postgresql script), I can log in and run sql
> > commands but can't figure out how to get snort to log to it.  I've tried
> > output database: alert, mysql, user=username dbname=snort host=hostname
> > output database: log, mysql, user=username dbname=snort host=hostname
> > output database: alert, mysql, user=username password=password \
> > dbname=snort host=hostname
> >
> > The snort command I'm running is
> >
> > snort -i xl1 -A FULL -c /usr/local/share/snort/snort.conf -l /var/www/htdocs/snort/xl1
> >
> > I've tried without the -l option (thinking maybe it can't log to a
> > directory and db at the same time) but then I get an error that
> > /var/snortsomething doesn't exist.
> >
> > Any ideas?  This seems like I'm so close...
> >
> > --Bryan
> 
> 
> 
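An added example, not part of the original thread: a small Python check that compares the `output database:` directives in a snort.conf against the "compiled support for ( ... )" line of Snort's start-up banner, which is the mismatch this thread ran into. The function names and sample inputs are constructed for illustration, and it assumes multiple compiled backends appear space-separated inside the parentheses.

```python
import re

# Constructed sample inputs modelled on the lines quoted in this thread.
SAMPLE_CONF = """\
output alert_fast: alert
output database: alert, mysql, user=username password=password \\
dbname=snort host=hostname
output database: log, postgresql, dbname=snort user=snort host=localhost port=5432
"""
SAMPLE_BANNER = """\
database: compiled support for ( postgresql )
database: configured to use postgresql
"""

def parse_database_outputs(conf_text):
    """Return one dict per 'output database:' directive in snort.conf text."""
    joined = re.sub(r"\\[ \t]*\n", " ", conf_text)  # fold backslash continuations
    outputs = []
    for line in joined.splitlines():
        line = line.strip()
        m = re.match(r"output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)", line)
        if not m:
            continue  # comments and other output plugins are ignored
        facility, dbtype, rest = m.groups()
        params = dict(p.split("=", 1) for p in rest.split() if "=" in p)
        outputs.append({"facility": facility, "dbtype": dbtype, "params": params})
    return outputs

def compiled_backends(banner_text):
    """Extract backend names from the 'compiled support for ( ... )' banner line."""
    m = re.search(r"compiled support for \(\s*(.*?)\s*\)", banner_text)
    return set(m.group(1).split()) if m else set()

def check(conf_text, banner_text):
    """Return human-readable findings for each database output directive."""
    compiled = compiled_backends(banner_text)
    findings = []
    for out in parse_database_outputs(conf_text):
        where = f"{out['facility']}/{out['dbtype']}"
        if out["dbtype"] not in compiled:
            findings.append(f"{where}: backend not compiled into this snort binary")
        for key in ("dbname", "host"):
            if key not in out["params"]:
                findings.append(f"{where}: missing {key}=")
        if "password" in out["params"]:
            findings.append(f"{where}: password is in clear text, restrict snort.conf permissions")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_CONF, SAMPLE_BANNER):
        print(finding)
```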