[Snort-users] Snort not logging to database
bmrconsulting at ...9090...
Thu Sep 25 20:54:02 EDT 2003
I installed Snort 2.0.2, Apache 2.0.47, PHP 4.3.1, Mysql 4.0.12 and Acid
0.9.6b23 from source onto my linux box running Slackware 8.1 with kernel
2.4.18 following instructions in a Snort Installation Manual by Patrick
Harper. I had already been using earlier versions of Apache, PHP and Mysql
on this box. The install went fine and all programs are operational but,
Snort is not logging to the database.
I have a firewall (Shorewall) masquerading for subnet 192.168.0.0/24 on ppp0
(a pppoe/dsl connection). Eth0 is my internal iface and Eth1 connects to the
modem. I noticed in the snort startup script that snort would initialize and
listen on eth0. Is that right? Or will the firewall drop packets before Snort
can see them?
I read the manual and searched archives but haven't solved the problem.
Excerpt from snort.conf
var HOME_NET 192.168.0.0/24
var EXTERNAL_NET any
output database: log, mysql, dbname=snort user=snortusr host=localhost /
More information about the Snort-users