[Snort-users] Snort not logging on MySql

Michael Steele michaels at ...9077...
Mon Feb 2 09:26:02 EST 2004


Look in the Event Viewer and see if Snort is throwing out any errors.

Remove all the switches and get Snort to log to the database first then
start adding the switches, one at a time.

You can do a TCPDump of port 3306 and watch for alerts to be passed to
MySQL.

My guess is that it's one of the switches if Snort is not throwing any
errors. 

Kindest regards, 

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Di Fresco Marco
> Sent: Friday, January 30, 2004 12:40 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort not logging on MySql
> 
> 
> Hi all,
> I temporarily solved my previous problem ("Device didn't translate")
> by setting in snort.conf the HOME_NET to my real IP address instead
> of using (\Device\NPF_{18...3C}). At the moment Snort works, but I
> have another problem.
> 
> Basically the problem is that Snort does not log on my MySql server.
> I checked the archives of this ML and I also did a search on Google,
> but the only two solutions I found were to try to drop the snort
> database and recreate it, or to check the permission of the snort
> user to make sure it can write to the snort database; I tried both
> solutions and they did not work (the implementation of the solutions
> worked, but Snort still does not log).
> 
> Here is my environment:
> WinXP Pro. (full patched)
> Snort 2.1.0
> MySql 4.0.17
> (all three software on the same standalone machine).
> 
> Here is an extract of my snort.conf:
> var HOME_NET [My IP address]
> var EXTERNAL_NET !$HOME_NET
> ...
> var SQL_SERVERS $HOME_NET
> ...
> output database: log, mysql, user=snort at ...274...
> password=SNORTPASWORD dbname=snort host=localhost encoding=ascii
> detail=full ignore_dbf=0
> 
> For the part (of snort.conf) where all the rules are listed, I
> changed the path from relative ($RULE_PATH\) to absolute
> (D:\Snort\rules\)
> 
> And here is the syntax I use to launch Snort:
> D:\Snort\bin\snort.exe -c "D:\snort\etc\snort.conf" -l "D:\snort\Log"
> -A full -i 1 -I -d -e -X
> 
> Any suggestion?
> 
> Thanks in advance.
> 
> 
> 
> Di Fresco Marco
> http://home.comcast.net/~superdif/
> 





