[Snort-users] Snort - Fatal Error

Shankar list at ...12177...
Mon Jul 26 05:16:19 EDT 2004


On Monday, July 26, 2004 4:52 PM prabu wrote:
>To: Shankar; Snort-Users
>Subject: Re: [Snort-users] Snort - Fatal Error
>Hello Shankar,
>      First tell about your database configuration.I guess that u might
have
>not commented the (/etc/snort/snort.conf:453 line,since it is used for
>enabling log alerts to syslog.U should comment this line,if u want to
enable
>the databes loggging,since that line of the config file specifies to alert
>the output of logs to syslog.

>if u r using databes logging ,then ur snort.conf should have line as,
>for example,output database: log, mysql, dbname=snort user=root
>host=localhost password=kovai


dear prabu,

Thx for the mail/help. My database configuration is as below
output database: log, mysql, user=snort password=mypassword dbname=snort
host=localhost
i use user snort instead of root.

# mysql -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 26 to server version: 3.23.58

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)

mysql> use snort
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| acid_ag          |
| acid_ag_alert    |
| acid_event       |
| acid_ip_cache    |
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
23 rows in set (0.00 sec)

mysql>


If i comment the Output line and type #snort -c /etc/snort/snort.conf then
process hangs here and i dont get my
# prompt back need to break it(ctrl^c)
   --== Initialization Complete ==--

-*> Snort! <*-
Version 2.1.3 (Build 27)
By Martin Roesch (roesch at ...1935..., www.snort.org)

thx in advance for ur mail/help.

Regards,
Shankar.







More information about the Snort-users mailing list