[Snort-users] Snort not logging to database

Bruce Radder bmrconsulting at ...9090...
Thu Sep 25 20:54:02 EDT 2003


I installed Snort 2.0.2, Apache 2.0.47, PHP 4.3.1, Mysql 4.0.12 and Acid 
0.9.6b23 from source onto my linux box running Slackware 8.1 with kernel 
2.4.18 following instructions in a Snort Installation Manual by Patrick 
Harper.  I had already been using earlier versions of Apache, PHP and Mysql 
on this box.  The install went fine and all programs are operational but, 
Snort is not logging to the database. 
I have a firewall (Shorewall) masquerading for subnet 192.168.0.0/24 on ppp0 
(a pppoe/dsl connection). Eth0 is my internal iface and Eth1 connects to the 
modem. I noticed in the snort startup script that snort would initialize and 
listen on eth0. Is that right? Or will the firewall drop packets before Snort 
can see them?
I read the manual and searched archives but haven't solved the problem.

Excerpt from snort.conf
var HOME_NET 192.168.0.0/24
var EXTERNAL_NET any
output database: log, mysql, dbname=snort user=snortusr host=localhost  / 
password=xyz

Bruce




More information about the Snort-users mailing list