[Snort-users] Snort Mysql Acid Combo

Mark Fagan r00t at ...10564...
Wed Feb 4 03:48:07 EST 2004


Is /var/log/snort populated with logs ?

If so you probable dont have the correct entry in your snort.conf:

It should be along the lines of:

output database: log, mysql, sensor_name=mysensor user=snortuser 
password=snortpassword dbname=snort host=dbhost

Also in the event you have a DB authentication issue open two ssh sessions, one 
tailing the /var/log/messages file:

tail -f /var/log/messages

And one restarting snort:

/etc/init.d/snort restart

If you get a success message you probably dont have the correct output database 
statement.

Hope this helps.

Mark





Quoting Sam Osuala <sam.osuala at ...11137...>:

> I have installed a box with the following;
> 
> 1] Redhat Linux 9.2
> 2] Snort 2.0.6
> 3] Mysql 4.0.17
> 4] Acid 0.9.6
> 5] php 4.3.4
> 6] zlib-1.1.4
> 7] libpcap-0.7.2
> 8] Apache 2.0.48 (not the one that came with the Linux )
> 9] jgraph 1.14
> 10] adodb 405
> 
> These are all installed in the Linux box above. The issue is that the mysql
> is not getting any logs in the database. If I start my snort with "snort
> -dvC" I get the alerts on the screen. What could be the problem. Do I have to
> keep the components in different machines?
> 
> Thanks
> 
> Sam
> 







More information about the Snort-users mailing list