[Snort-users] [REPOST] Snort not loging on MySql

Di Fresco Marco superdif at ...11114...
Mon Feb 2 06:46:51 EST 2004


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,
I am re-sending this message because in the previous attempt I used a
different e-mail address from the one I using to be subscribed to the
list. So to the moderators: please disregard the previous e-mail and
forgive me.

I temporarily solved my previous problem ("Device didn't translate")
by setting in snort.conf the HOME_NET to my real IP address instead
of using (\Device\NPF_{18...3C}). At the moment Snort works, but I
have another problem.

Basically the problem is that Snort does not log on my MySql server.
I checked the archives of this ML and I also done a search on Google,
but the only two solutions I found were to try to drop the snort
database and recreate it, or to check the perimission of the snort
user to make sure it can write to the snort database; I tried both
solutions and they did not work (the implementation of the solutions
worked, but Snort still does not log).

Here my environment:
WinXP Pro. (full patched)
Snort 2.1.0
MySql 4.0.17
(all three software on the same standalone machine).

Here an extract of my snort.conf:
var HOME_NET [My IP address]
var EXTERNAL_NET !$HOME_NET
...
var SQL_SERVERS $HOME_NET
...
output database: log, mysql, user=snort at ...274...
password=SNORTPASWORD dbname=snort host=localhost encoding=ascii
detail=full ignore_dbf=0
(all in one line)

For the part (of snort.conf) where all the rules are listed, I
changed the path from relative ($RULE_PATH\) to absoulute
(D:\Snort\rules\).

And here is the syntax I use to launc Snort: D:\Snort\bin\snort.exe
- -c "D:\snort\etc\snort.conf" -l "D:\snort\Log" - -A full -i 1 -I -d
- -e -X
(all in one line)

Any suggestion?

Thank in advance.



Di Fresco Marco
http://home.comcast.net/~superdif/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQIVAwUBQBsd02FI2e+I8s0+AQIPnA//deeRStx3had6m74Q6gXVAy6n/YiXXNe8
++9221lQBnjzkDt/zyDF7YgMS1H01KNMlBubsAeBo1syRZIivc0TzUIIZJddDbkK
bf65qYIiXt/lE/u4lAuyBSlm7RtCKw9/+1aBrZWuAc1h8SR+W/Rl+pVNr/t74g3i
edgu/nIoTDntHs3gO5+/zb/18tYASkQhQxYKP9V5Ipd0u8vhaBWJES/vSEi9Fj0W
OmMywE/GinyqitTN9890HA/Ccg/yZZ68yA6Ma1tuQztHwhMv1ftwv08iFjlwBkXS
mDNTy5GU/7B3/bTMOxgQwx9Au+zFSmUVj2gM/VczhsTKwWEH9xWj2lOIlvWQ1mGZ
esgDrY/vZA84XISiFkBJ0jaaHvtTG+mzwQTiK77LfP+T+HIHyT6bQyWEWfybwhSK
M5enkmpRI4QeNez1R6cHg41/75qBHHtUpnlVKVdShTG1sCfXrHgRmE8w3Tqvc2Tk
ecCdt+FvZfduy96v8p1Y4M2+8V1Xi0ogrBYVSr624QdP6oQ6zS9seYSsB6y55R5s
E5mgPU5WjWwCV3nS4QN4poBEQ3SOPCStoYgkhwNzNRIa7QfsV3nVbd3I5fl0ogx9
JmYQE8Vv+7uxwtAaN20dQ3m9G0g5C6nxTVpKaTgdtDR4u7YTTYSlsC4d/pd1Ed2M
s38GsR3gdFs=
=FMEh
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list