[Snort-users] Snort Mysql Acid Combo
r00t at ...10564...
Wed Feb 4 03:48:07 EST 2004
Is /var/log/snort populated with logs?
If so, you probably don't have the correct entry in your snort.conf:
It should be along the lines of:
output database: log, mysql, sensor_name=mysensor user=snortuser password=snortpassword dbname=snort host=dbhost
Also, in the event you have a DB authentication issue, open two ssh sessions, one
tailing the /var/log/messages file:
tail -f /var/log/messages
And one restarting snort:
If you get a success message you probably don't have the correct output database
Hope this helps.
Quoting Sam Osuala <sam.osuala at ...11137...>:
> I have installed a box with the following;
> 1] Redhat Linux 9.2
> 2] Snort 2.0.6
> 3] Mysql 4.0.17
> 4] Acid 0.9.6
> 5] php 4.3.4
> 6] zlib-1.1.4
> 7] libpcap-0.7.2
> 8] Apache 2.0.48 (not the one that came with the Linux )
> 9] jgraph 1.14
> 10] adodb 405
> These are all installed in the Linux box above. The issue is that the mysql
> is not getting any logs in the database. If I start my snort with "snort
> -dvC" I get the alerts on the screen. What could be the problem? Do I have to
> keep the components in different machines?
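
A check for the situation the reply describes, added here as an example that is not part of the original post or of Snort: it scans snort.conf text for an active "output database:" line and flags keys that are absent. The function names, the set of keys treated as expected (those in the reply's line) and the sample configs are assumptions constructed for illustration.

```python
import re

# Keys the reply's example line sets; this example flags their absence
# (an assumption of the example, not a statement of Snort's own requirements).
EXPECTED = ("user", "password", "dbname", "host")

def join_continuations(text):
    """Join lines that end in a backslash into one logical line."""
    return re.sub(r"\\[ \t]*\n", " ", text)

def check_output_database(conf_text):
    """Return [(directive, problems)] for each active 'output database:' line.

    An empty list means no active database output was found, so Snort would
    only write to its other outputs (e.g. files under /var/log/snort).
    """
    results = []
    for raw in join_continuations(conf_text).splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are inactive
        m = re.match(r"output\s+database\s*:\s*(.*)$", line)
        if not m:
            continue
        fields = [f.strip() for f in m.group(1).split(",", 2)]
        if len(fields) < 3:
            results.append((line, ["expected '<log|alert>, <dbtype>, <parameters>'"]))
            continue
        facility, dbtype, params = fields
        problems = []
        if facility not in ("log", "alert"):
            problems.append(f"unknown facility {facility!r}")
        if dbtype != "mysql":
            problems.append(f"dbtype is {dbtype!r}, not 'mysql'")
        keys = dict(p.split("=", 1) for p in params.split() if "=" in p)
        problems += [f"missing {k}=" for k in EXPECTED if not keys.get(k)]
        results.append((line, problems))
    return results

# Constructed sample configs (not taken from any real sensor).
SAMPLE_OK = ("output database: log, mysql, sensor_name=mysensor user=snortuser "
             "password=snortpassword dbname=snort host=dbhost\n")
SAMPLE_COMMENTED = ("# output database: log, mysql, user=root password=test "
                    "dbname=db host=localhost\noutput alert_syslog: LOG_AUTH LOG_ALERT\n")
# The directive hard-wrapped without a backslash: the second line is lost.
SAMPLE_WRAPPED = ("output database: log, mysql, sensor_name=mysensor user=snortuser\n"
                  "password=snortpassword dbname=snort host=dbhost\n")
SAMPLE_CONTINUED = "output database: log, mysql, user=u \\\n  password=p dbname=d host=h\n"
```
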