[Snort-users] (no subject)
Rob.Johnson at ...9321...
Fri May 30 07:17:16 EDT 2003
In my snort.conf I have this entry
output database: log, mysql, dbname=snort user=snort host=localhost
In the sql database I have the following
| Tables_in_snort |
| acid_ag |
| acid_ag_alert |
| acid_event |
| acid_ip_cache |
| event |
| icmphdr |
| iphdr |
| sensor |
| snort |
| tcphdr |
| udphdr |
When I run snort from the command line to /var/log/snort it works everytime!
but cant get it to log to the database
From: Patrick S. Harper [mailto:lists at ...4250...]
Sent: 30 May 2003 06:02
To: Robin Johnson
Cc: 'snort-users at lists.sourceforge.net'
Subject: Re: [Snort-users] (no subject)
Did you compile with any options for databases?
check your snort.conf file
On Thu, 2003-05-29 at 05:42, Robin Johnson wrote:
> Hi ,
> excuse my ignorance but perhaps someone can help me!
> new to the mailing list and first time in building snort2 with ACID on
> Mandrake 9.1. running latest version of mysql and php.
> My question is does any one know how to get snort to stop logging
> locally and actually put the data into the mysql database so when acid
> queries the database it gets back useful information
More information about the Snort-users