[Snort-users] (no subject)

Robin Johnson Rob.Johnson at ...9321...
Fri May 30 07:17:16 EDT 2003


Yep
In my snort.conf I have this entry:
output database: log, mysql, dbname=snort user=snort host=localhost
password=abc

In the SQL database I have the following:
+-----------------+
| Tables_in_snort |
+-----------------+
| acid_ag         |
| acid_ag_alert   |
| acid_event      |
| acid_ip_cache   |
| event           |
| icmphdr         |
| iphdr           |
| sensor          |
| snort           |
| tcphdr          |
| udphdr          |
+-----------------+

When I run snort from the command line to /var/log/snort it works every time,
but I can't get it to log to the database.
Any ideas?

-----Original Message-----
From: Patrick S. Harper [mailto:lists at ...4250...]
Sent: 30 May 2003 06:02
To: Robin Johnson
Cc: 'snort-users at lists.sourceforge.net'
Subject: Re: [Snort-users] (no subject)


http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.7
http://www.snort.org/docs/faq.html#6.15

Did you compile with any options for databases?

Check your snort.conf file.


On Thu, 2003-05-29 at 05:42, Robin Johnson wrote:
> Hi,
> Excuse my ignorance, but perhaps someone can help me!
> I'm new to the mailing list and this is my first time building snort2 with ACID on
> Mandrake 9.1, running the latest version of mysql and php.
> My question is: does anyone know how to get snort to stop logging
> locally and actually put the data into the mysql database, so when acid
> queries the database it gets back useful information?
>  
> cheers
> Rob
>  
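
The `output database:` directive in the reply at the top of this thread is shown split across two lines, which may only be mail wrapping. As an added example (not part of the thread and not Snort project code), this check parses such directives and reports one whose parameters continue on the next line without a trailing backslash. The function name, the sample strings and the parameter list taken from the Snort 2.x manual are assumptions of the example.

```python
import re

# Parameter names documented for the Snort 2.x database output plugin
# (assumption of this example; check the manual for your version).
KNOWN_PARAMS = {"host", "port", "dbname", "user", "password",
                "sensor_name", "encoding", "detail"}

def check_database_outputs(conf_text):
    """Parse every 'output database:' directive; return (directives, problems)."""
    # snort.conf is line-oriented; a trailing backslash continues a line.
    lines = re.sub(r"\\\r?\n", " ", conf_text).splitlines()
    directives, problems = [], []
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line.startswith("output database:"):
            continue
        fields = [f.strip() for f in line.split(":", 1)[1].split(",", 2)]
        if len(fields) != 3:
            problems.append("expected '<log|alert>, <dbtype>, <parameters>': " + line)
            continue
        facility, dbtype, param_str = fields
        params = dict(p.split("=", 1) for p in param_str.split() if "=" in p)
        if facility not in ("log", "alert"):
            problems.append(f"unknown facility {facility!r}")
        if "dbname" not in params:
            problems.append("no dbname= parameter")
        for key in sorted(set(params) - KNOWN_PARAMS):
            problems.append(f"unknown parameter {key!r}")
        # A following line made only of key=value tokens means the directive
        # was wrapped without a backslash, so those tokens are not part of it.
        nxt = lines[i + 1].split() if i + 1 < len(lines) else []
        if nxt and all(re.fullmatch(r"\w+=\S*", t) for t in nxt):
            problems.append("parameters continue on the next line without a "
                            "trailing backslash: " + " ".join(nxt))
        directives.append({"facility": facility, "dbtype": dbtype, "params": params})
    return directives, problems

# Constructed sample input: the directive wrapped as displayed in the post,
# and the same directive using a backslash continuation.
WRAPPED = ("output database: log, mysql, dbname=snort user=snort host=localhost\n"
           "password=abc\n")
CONTINUED = ("output database: log, mysql, dbname=snort user=snort host=localhost \\\n"
             "    password=abc\n")

if __name__ == "__main__":
    for name, text in (("wrapped", WRAPPED), ("continued", CONTINUED)):
        print(name, *check_database_outputs(text), sep="\n  ")
```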