[Snort-users] database output plugin sensor_name parameter and ACID strangeness

Che Wan Zaharudin azhar at ...11599...
Tue Apr 27 20:44:03 EDT 2004


Hi,

Try this:

output database: alert, mysql, user=snort password=foo dbname=snort host=10.99.99.99 sensor_name=test_ce0


Thanks.

-----Original Message-----
From: Muntner, Adam [mailto:Adam.Muntner at ...11727...] 
Sent: Wednesday, April 28, 2004 8:33 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] database output plugin sensor_name parameter and ACID strangeness

I've been doing some experimenting using multiple sensors and a single console box, and have noticed the following behavior:
 
Even if I set sensor_name in the output plugin list, it is not set in the list of sensors... rather, it will say "0.0.0.0:ce1" (the interface does not have an IP address and it is a gigabit nic interface named ce1)
 
If I go into the "sensor" table in the snort database, I can change the hostname field to whatever I like.  That works until I restart the sensor... Unfortunately, it's only persistent until I restart the Snort sensor.  Then, a new interface is added to the list named "0.0.0.0:ce1" and all the events end up attached to that sensor id.
 
Some advice would be appreciated!
 
My output line looks like:
output database: alert, mysql, dbname=snort, sensor_name=test_ce0 user=snort password=foo host=10.99.99.99

Adam Muntner, CISSP 
 
