[Snort-users] Snort - Fatal Error

prabu prabu333 at ...8908...
Mon Jul 26 05:57:00 EDT 2004


Then there is a problem with the database connectivity. Then comment out this line in /etc/snort.conf:
output database: log, mysql, dbname=snort user=root host=localhost password=kovai

Try whether enabling alert_syslog or log_tcpdump works, and run Snort. This
will help you find out whether Snort can run with other types
of output configuration. Also, I don't know much about Linux-based database
configuration.

Prabu.S




----- Original Message ----- 
From: "Shankar" <list at ...12177...>
To: "prabu" <prabu333 at ...8908...>; "Snort-Users"
<snort-users at lists.sourceforge.net>
Sent: Monday, July 26, 2004 5:44 PM
Subject: RE: [Snort-users] Snort - Fatal Error


> On Monday, July 26, 2004 4:52 PM prabu wrote:
> >To: Shankar; Snort-Users
> >Subject: Re: [Snort-users] Snort - Fatal Error
> >Hello Shankar,
> >      First, tell me about your database configuration. I guess that you
> >might not have commented out the /etc/snort/snort.conf:453 line, since it
> >is used for enabling log alerts to syslog. You should comment out this
> >line if you want to enable database logging, since that line of the
> >config file specifies alerting the output of logs to syslog.
>
> >If you are using database logging, then your snort.conf should have a line like, for example:
> >output database: log, mysql, dbname=snort user=root host=localhost password=kovai
>
>
> Dear prabu,
>
> Thanks for the mail/help. My database configuration is as below:
> output database: log, mysql, user=snort password=mypassword dbname=snort host=localhost
> I use user snort instead of root.
>
> # mysql -p
> Enter password:
> Welcome to the MySQL monitor.  Commands end with ; or \g.
> Your MySQL connection id is 26 to server version: 3.23.58
>
> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>
> mysql> show databases;
> +----------+
> | Database |
> +----------+
> | mysql    |
> | snort    |
> | test     |
> +----------+
> 3 rows in set (0.00 sec)
>
> mysql> use snort
> Reading table information for completion of table and column names
> You can turn off this feature to get a quicker startup with -A
>
> Database changed
> mysql> show tables;
> +------------------+
> | Tables_in_snort  |
> +------------------+
> | acid_ag          |
> | acid_ag_alert    |
> | acid_event       |
> | acid_ip_cache    |
> | data             |
> | detail           |
> | encoding         |
> | event            |
> | flags            |
> | icmphdr          |
> | iphdr            |
> | opt              |
> | protocols        |
> | reference        |
> | reference_system |
> | schema           |
> | sensor           |
> | services         |
> | sig_class        |
> | sig_reference    |
> | signature        |
> | tcphdr           |
> | udphdr           |
> +------------------+
> 23 rows in set (0.00 sec)
>
> mysql>
>
>
> If I comment out the output line and type # snort -c /etc/snort/snort.conf, then
> the process hangs here and I don't get my
> # prompt back; I need to break it (Ctrl-C):
>    --== Initialization Complete ==--
>
> -*> Snort! <*-
> Version 2.1.3 (Build 27)
> By Martin Roesch (roesch at ...1935..., www.snort.org)
>
> Thanks in advance for your mail/help.
>
> Regards,
> Shankar.
>
>
>
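
The isolation step suggested in the reply above (disable the database output and run Snort with another output plugin), as an added example that is not part of the original thread. The helper name `isolate_db_output` and the file name `snort-test.conf` are assumptions, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. isolate_db_output is a
# hypothetical helper name.
#
# Reads a snort.conf on stdin and writes a test copy to stdout with every
# active "output database:" directive commented out (including lines
# continued with a trailing backslash). If no other output plugin is left
# active, "output log_tcpdump: tcpdump.log" is appended so the test run
# still exercises an output plugin.
isolate_db_output() {
    awk '
    cont {                                   # continuation of a database line
        print "#" $0
        cont = ($0 ~ /\\[ \t]*$/)
        next
    }
    /^[ \t]*output[ \t]+database[ \t]*:/ {   # active database output
        print "#" $0
        cont = ($0 ~ /\\[ \t]*$/)
        next
    }
    /^[ \t]*output[ \t]+[A-Za-z0-9_]+/ { other = 1 }   # any other active output
    { print }
    END { if (!other) print "output log_tcpdump: tcpdump.log" }
    '
}

# Constructed sample input (placeholder credentials, not a real config).
isolate_db_output <<'EOF'
var HOME_NET any
# output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort password=PLACEHOLDER \
    dbname=snort host=localhost
include classification.config
EOF

# Against a real file, keep the copy beside the original so relative
# include paths still resolve (snort-test.conf is an assumed name):
#   isolate_db_output < /etc/snort/snort.conf > /etc/snort/snort-test.conf
#   snort -c /etc/snort/snort-test.conf
```

Started this way, Snort stays in the foreground after "Initialization Complete" and processes packets until it is interrupted.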

