[Snort-users] snort will not log to mysql

Hans Steinraht hsteinraht at ...9358...
Tue Jun 3 06:51:17 EDT 2003


Hi,

I've just started playing with snort (version 2.0.0-3.1) on Linux Debian.

When I add some rules like these in local.rules:
  #alert ip any any -> any any (msg:"Got an IP packet";)
  #alert tcp any any -> any any (msg:"Got an TCP packet";)
  #alert udp any any -> any any (msg:"Got an UDP packet";)
  #alert icmp any any -> any any (msg:"Got an ICMP packet";)

all kinds of data are inserted into mysql.


When I remove the rules and do a scan to the firewall computer in our
network I see entries like "[**] [117:1:1] (spp_portscan2) Portscan detected ....." in my alert.log
and in the portscan2.log, but nothing goes to mysql.

The snort.conf file I have looks like this:

  output database: log, mysql, user=snort password=snort dbname=snort host=localhost

  preprocessor portscan2: scanners_max 256, targets_max 1024, target_limit 5, port_limit 20, timeout 60, log portscan2.log

When I remove the option log from preprocessor portscan2, it's going to log to
scan.log, but still not to mysql.

Does anyone have some advice for me on this?

Thanks,
Hans





