[Snort-users] postgresql

Bryan Irvine bryan.irvine at ...9066...
Wed Jul 2 12:09:02 EDT 2003


It's logging to postgres *yay*

Thank you!

--Bryan


On Wed, 2003-07-02 at 11:57, Bryan Irvine wrote:
> I ran this command (with my variables replaced for yours) and got an
> error that postgres wasn't even compiled in!! eek! *D'oh!*
> 
> I did a recompile --with-postgresql and now it doesn't come back with
> any errors.  I see these at start time
> 
> 
> #######################
> database: compiled support for ( postgresql )
> database: configured to use postgresql
> database:          user = admin
> database: password is set
> database: database name = snort
> database:          host = monitor.horvitznewspapers.net
> database:   sensor name = 192.233.103.186
> database:     sensor id = 1
> database: schema version = 106
> database: using the "log" facility
> #######################
> 
> *yay*
> 
> I have it running now, I will check back shortly to see if the db is
> populating.
> 
> --Bryan
> 
> On Wed, 2003-07-02 at 11:29, Jason K. Boykin wrote:
> > I'm using 
> > /usr/local/bin/snort -u snort -o -b -l /var/log/snort -d -D -i $INTERFACE -c /etc/snort/snort.conf
> > Although I'm logging it to localhost.
> > 
> > snort.conf
> > 
> > Under alert_syslog: I've got
> > output alert_fast: alert
> > You could specify full here
> > 
> > Under database: I'm using
> > output database: alert, postgresql, dbname=snort user=snort password=xxx host=localhost port=5432
> > Try changing host to the IP you're wanting to log to, and the rest of the info 
> > needs to be correct.
> > 
> > Here is a snippet from pg_hba.conf that you will need to modify to allow your 
> > snort machine to log to the database machine but it sounds like you already 
> > did this.
> > # Put your actual configuration here
> > # ----------------------------------
> > # This default configuration allows any local user to connect as any
> > # PostgreSQL username, over either UNIX domain sockets or IP:
> > local        all                                           trust
> > host         all         127.0.0.1     255.255.255.255     trust
> > 
> > Hope this helps!
> > 
> > On Wednesday 02 July 2003 12:36 pm, Bryan Irvine wrote:
> > > I'm trying to do remote logging with a postgresql db.
> > >
> > > I've configured postgres, and can log in remotely, all the tables have
> > > been created (via the create_postgresql script), I can log in and run sql
> > > commands but can't figure out how to get snort to log to it.  I've tried
> > > output database: alert, mysql, user=username dbname=snort host=hostname
> > > output database: log, mysql, user=username dbname=snort host=hostname
> > > output database: alert, mysql, user=username password=password \
> > > dbname=snort host=hostname
> > >
> > > The snort command I'm running is
> > >
> > > snort -i xl1 -A FULL -c /usr/local/share/snort/snort.conf -l /var/www/htdocs/snort/xl1
> > >
> > > I've tried without the -l option (thinking maybe it can't log to a
> > > directory and db at the same time) but then I get an error that
> > > /var/snortsomething doesn't exist.
> > >
> > > Any ideas?  This seems like I'm so close...
> > >
> > > --Bryan
> > 
> > 
> > 
> > 
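Added example, not part of the original thread and not Snort project code: a small Python checker that parses `output database:` directives from snort.conf text (folding backslash continuations) and compares each configured database type with the "compiled support for" line snort prints at start-up, which is the mismatch this thread ran into. The function names and the sample text are constructed for illustration; the directive syntax assumed is `output database: <log|alert>, <dbtype>, <key=value ...>`.

```python
import re

# Constructed sample: directives quoted in the thread, including the
# backslash-continued one from the original question.
SAMPLE_CONF = r"""
output alert_fast: alert
output database: alert, mysql, user=username dbname=snort host=hostname
output database: alert, mysql, user=username password=password \
dbname=snort host=hostname
output database: alert, postgresql, dbname=snort user=snort password=xxx host=localhost port=5432
"""

# Start-up banner line as quoted in the thread.
SAMPLE_BANNER = "database: compiled support for ( postgresql )"

def compiled_backends(banner):
    """Extract backend names from snort's 'compiled support for' line."""
    m = re.search(r"compiled support for \(([^)]*)\)", banner)
    return set(m.group(1).split()) if m else set()

def parse_database_outputs(conf_text):
    """Return one dict per 'output database:' directive in snort.conf text."""
    joined = re.sub(r"\\[ \t]*\n", " ", conf_text)  # fold continuation lines
    outputs = []
    for line in joined.splitlines():
        line = line.strip()
        m = re.match(r"output\s+database\s*:\s*(.*)", line)
        if not m:
            continue  # comments and other output plugins are skipped
        # Pad so a truncated directive still yields three fields.
        fields = ([f.strip() for f in m.group(1).split(",", 2)] + ["", "", ""])[:3]
        params = dict(p.split("=", 1) for p in fields[2].split() if "=" in p)
        outputs.append({"facility": fields[0], "dbtype": fields[1],
                        "params": params, "raw": line})
    return outputs

def check(outputs, compiled):
    """Flag directives that cannot work with the given snort build."""
    findings = []
    for o in outputs:
        if o["facility"] not in ("log", "alert"):
            findings.append((o["raw"], "facility must be log or alert"))
        if o["dbtype"] not in compiled:
            findings.append((o["raw"], "dbtype %r not compiled in" % o["dbtype"]))
        if "dbname" not in o["params"]:
            findings.append((o["raw"], "dbname is required"))
    return findings
```

Running `check(parse_database_outputs(SAMPLE_CONF), compiled_backends(SAMPLE_BANNER))` flags the two `mysql` directives and accepts the `postgresql` one.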




