[Snort-users] Snort not loging on MySql

Di Fresco Marco superdif at ...11114...
Mon Feb 2 06:46:20 EST 2004


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,
I temporarily solved my previous problem ("Device didn't translate")
by setting in snort.conf the HOME_NET to my real IP address instead
of using (\Device\NPF_{18...3C}). At the moment Snort works, but I
have another problem.

Basically the problem is that Snort does not log on my MySql server.
I checked the archives of this ML and I also done a search on Google,
but the only two solutions I found were to try to drop the snort
database and recreate it, or to check the perimission of the snort
user to make sure it can write to the snort database; I tried both
solutions and they did not work (the implementation of the solutions
worked, but Snort still does not log).

Here my environment:
WinXP Pro. (full patched)
Snort 2.1.0
MySql 4.0.17
(all three software on the same standalone machine).

Here an extract of my snort.conf:
var HOME_NET [My IP address]
var EXTERNAL_NET !$HOME_NET
...
var SQL_SERVERS $HOME_NET
...
output database: log, mysql, user=snort at ...274...
password=SNORTPASWORD dbname=snort host=localhost encoding=ascii
detail=full ignore_dbf=0

For the part (of snort.conf) where all the rules are listed, I
changed the path from relative ($RULE_PATH\) to absoulute
(D:\Snort\rules\)

And here is the syntax I use to launc Snort:
D:\Snort\bin\snort.exe -c "D:\snort\etc\snort.conf" -l "D:\snort\Log"
- -A full -i 1 -I -d -e -X

Any suggestion?

Thank in advance.



Di Fresco Marco
http://home.comcast.net/~superdif/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQIVAwUBQBq/TGFI2e+I8s0+AQKBeBAAgWoGF0DiT+VGbXD9IS9eM5rZjBKy3f4y
OBbYFnfdJdaBwOKhR1r+xSCyqcrWa3M+9u5Qv7Ii1uCpAgFItrv5pnw9MTeL/uKf
p9Ds+K0NbQmgvLuQDbSkz/QXxd/NIPsf4ses7N7TrA2AyBvTi3kEDilJySf5iyk4
8iUFI7+yGIjVKXiB0H0Az/MVnb5AIkwI/z5O7ROEHuusskBSXSPFH8XxPSXu7e95
R+nNWngN+BqI7sS8jaAXzdXx7SCnw5A8/EqrTy7y/VBD6URHULLI8RP9Ce38hEWz
uL/VZPQOAe3Bvqmbr4pt9LBdwZkOsKEJNO+V1MMaEpdMD7yTzi+4yp19EhxzwN93
U3Qr8ep/Y/xPCjIrwCDKgmnyJLeHShmhqw4XkGaIniYqL3fMhig2Ocp+cDJDHGVR
tq7S4STaXkiQok8ZPtbUk2bQh0+qSHZG4xuPk7G1VxLzsJyiQtJldbswQAnfmR/m
WUJrcadvlqrrjXzzEH1eHz9M1P5Ez1D9rjTdo/7aYciDaHD720LAfJ2Aux1b2XON
23pG4fdU/bJ+gRYy1RxbiNKfqJMZgy7ucJEdb7/RohgpMLfYdcBUCXHeYa/rMHxJ
X9Wqf9J9BsN4ElefOLMhWzuDG4scqdNjf4F5OzQ5LutegXCbauLR13byJv+pZ/AP
/ALf9xepn14=
=wfcK
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list