[Snort-users] Yet another alert not being logged to mysql database[edited]
Jacob, Raymond A Jr
raymond.jacob at ...7622...
Wed Apr 21 14:50:05 EDT 2004
Running Snort 2.1.2 (Build 25) on OpenBSD with bridging (on sensor side) and packet filtering (management side).
Setup for testing: cross-connected cable, workstation running nmap, and snort box.
Doing SYN scans against one address.
Snort works in packet sniffing mode.
I changed (not real snort.conf, using config from above URL):
output database: log, mysql, user=snort dbname=snort_db host=localhost password=foo
output database: alert, mysql, user=snort dbname=snort_db host=localhost password=foo
I tried adding the preprocessor for portscan:
preprosessor portscan: 10.0.0.0/8 5 10 /var/log/portscan.log
ls /<datadir>/snort/*.MYD very small and times have not changed.
mysql snortadmin(not real name) -p
select * from iphdr
Logs, to me, look like everything loads.