[Snort-users] Snot Newb Question

Bryan Irvine bryan.irvine at ...9066...
Mon Apr 19 10:50:07 EDT 2004


is your db a mysql one? is your sql username snort? and your password
password? running on localhost?  if all that is true, did you compile
snort with mysql support?



On Mon, 2004-04-19 at 10:45, Shaun Gray wrote:
> Please forgive my questions as I am very used to the M$ and Novell NOS.
> Now I have uncommented that line and when I run snort -c
> /etc/snort/snort.conf there is a fatal error at the end.  It says
> "Undefined Variable /etc/snort/snort.conf:448". When I comment that line
> out again it runs fine.  I am assuming that my path may be off a bit,
> but too me it appears correct.  I have pasted below.
> 
> Thanks,
> 
> Shaun
> 
> # database: log to a variety of databases
> # ---------------------------------------
> # See the README.database file for more information about configuring
> # and using this plugin.
> #
> output database: log, mysql, user=snort password=password dbname=snort
> host=localhost
> # output database: alert, postgresql, user=snort dbname=snort
> # output database: log, unixodbc, user=snort dbname=snort
> # output database: log, mssql, dbname=snort user=snort password=test
> 
> -----Original Message-----
> From: Bryan Irvine [mailto:bryan.irvine at ...9066...] 
> Sent: Monday, April 19, 2004 12:57 PM
> To: Shaun Gray
> Cc: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Snot Newb Question
> 
> this part:
> ###BEGIN PASTE###
> # database: log to a variety of databases
> # ---------------------------------------
> # See the README.database file for more information about configuring
> # and using this plugin.
> #
> # output database: log, mysql, user=snort password=secret dbname=snort
> host=localhost
> # output database: alert, postgresql, user=snort dbname=snort
> # output database: log, unixodbc, user=snort dbname=snort
> # output database: log, mssql, dbname=snort user=snort password=test
> ###END PASTE###
> 
> You havn't set snort to log to a database.
> 
> uncomment the appropriate line (hint: probably the first line) and
> modify to match your DB.
> 
> -Bryan
> 
> On Mon, 2004-04-19 at 09:52, Shaun Gray wrote:
> > I'm not sure which line is the DB one so I have attached the entire
> > file.  Opening it via IE works.
> > 
> > -----Original Message-----
> > From: Bryan Irvine [mailto:bryan.irvine at ...9066...] 
> > Sent: Monday, April 19, 2004 12:07 PM
> > To: Shaun Gray
> > Cc: snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] Snot Newb Question
> > 
> > could you post the database line of your snort.conf?
> > 
> > --Bryan
> > 
> > On Mon, 2004-04-19 at 08:24, Shaun Gray wrote:
> > > Stats and alerts are showing up when I run "snort -c
> > > /etc/snort/snort.conf".  But when I look at ACID no activity shows
> > > up.  I have a feeling this is something very simple but, I can't put
> > > my finger on it.  Can anyone lend some advice on this issue?
> > > 
> > >  
> > > 
> > > Thanks,
> > > 
> > >  
> > > 
> > > Shaun Gray
> > > 
> > > Network Engineer
> > > 
> > > Medford Township Board of Education
> > > 
> > >  
> > > 
> > > 
> > 
> 





More information about the Snort-users mailing list