[Snort-users] (no subject)

Robin Johnson Rob.Johnson at ...9321...
Fri May 30 07:17:28 EDT 2003


This is what I'm getting from 127.0.0.1/acid_main.php:
Added 0 alert(s) to the Alert cache

Queried on : Fri May 30, 2003 15:08:37
Database: snort at ...274...    (schema version: 0) 
Time window: no alerts detected Sensors: 0 
Unique Alerts: 0
Total Number of Alerts: 0
Source IP addresses: 0
Dest. IP addresses: 0
Unique IP links 0

Source Ports: 0
TCP ( 0)  UDP ( 0)
Dest. Ports: 0
TCP ( 0)  UDP ( 0)
Traffic Profile by Protocol
TCP (0%)
UDP (0%)
ICMP (0%)
Portscan Traffic (0%)

Search 
Graph Alert data (EXPERIMENTAL) 

Snapshot Most recent Alerts: any protocol, TCP, UDP, ICMP 
Today's: alerts unique, listing; IP src / dst 
Last 24 Hours: alerts unique, listing; IP src / dst 
Last 72 Hours: alerts unique, listing; IP src / dst 
Most recent 15 Unique Alerts 

Last Source Ports: any , TCP , UDP 
Last Destination Ports: any , TCP , UDP 
 Most frequent 5 Alerts 

Most Frequent Source Ports: any , TCP , UDP 
Most Frequent Destination Ports: any , TCP , UDP 

Most frequent 15 addresses: source, destina 

-----Original Message-----
From: Robin Johnson 
Sent: 30 May 2003 15:11
To: 'Patrick S. Harper'; Robin Johnson
Cc: 'snort-users at lists.sourceforge.net'
Subject: RE: [Snort-users] (no subject)


Yep
In my snort.conf I have this entry:
output database: log, mysql, dbname=snort user=snort host=localhost password=abc

In the SQL database I have the following:
+-----------------+
| Tables_in_snort |
+-----------------+
| acid_ag         |
| acid_ag_alert   |
| acid_event      |
| acid_ip_cache   |
| event           |
| icmphdr         |
| iphdr           |
| sensor          |
| snort           |
| tcphdr          |
| udphdr          |
+-----------------+

When I run snort from the command line to /var/log/snort it works every time!
But I can't get it to log to the database.
Any ideas?




-----Original Message-----
From: Patrick S. Harper [mailto:lists at ...4250...]
Sent: 30 May 2003 06:02
To: Robin Johnson
Cc: 'snort-users at lists.sourceforge.net'
Subject: Re: [Snort-users] (no subject)


http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.7
http://www.snort.org/docs/faq.html#6.15

Did you compile with any options for databases?

Check your snort.conf file.


On Thu, 2003-05-29 at 05:42, Robin Johnson wrote:
> Hi,
> Excuse my ignorance, but perhaps someone can help me!
> New to the mailing list and first time building snort2 with ACID on
> Mandrake 9.1, running the latest version of mysql and php.
> My question is: does anyone know how to get snort to stop logging
> locally and actually put the data into the mysql database, so when acid
> queries the database it gets back useful information?
>  
> Cheers,
> Rob
>  



