[Snort-users] Trouble to log trace into database

Juan juanca at ...11...
Fri Nov 5 16:45:49 EST 2004


Hi,

I have a trace file with some packets I am trying to analyze. I am trying to
load the trace into a mysql database but nothing gets logged. 

My rules file looks like this:

# RULES

log tcp any any -> any any

log udp any any -> any any

And if I just run snort without loading from file, these rules log every tcp
and udp header just fine into the database. Now when I run:

C:\Snort\bin>snort -r c:\trace.eth -c c:\Snort\etc\snort-mod.conf \
      -l c:\Snort\log

I do not get any error but nothing gets logged to the database. See below.
Can anyone give me a hint of what I am doing wrong?

Thanks,

J

======================================================================

database: compiled support for ( mysql odbc )

database: configured to use mysql

database:          user = snort

database: password is set

database: database name = snort

database:          host = localhost

database:   sensor name = TRUSS:[reading from a file]

database:     sensor id = 2

database: schema version = 106

database: using the "log" facility

2 Snort rules read...

2 Option Chains linked into 2 Chain Headers 0 Dynamic rules

+++++++++++++++++++++++++++++++++++++++++++++++++++

+-----------------------[thresholding-config]---------------------------

+-------

| memory-cap : 1048576 bytes

+-----------------------[thresholding-global]---------------------------

+-------

| none

+-----------------------[thresholding-local]----------------------------

+-------

| none

+-----------------------[suppression]-----------------------------------

+-------

| none

-------------------------------------------------------------------------------

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==-- -*> Snort! <*- Version
2.2.0-ODBC-MySQL-FlexRESP-WIN32 (Build 30) By Martin Roesch
(roesch at ...1935..., www.snort.org)

1.7-WIN32 Port By Michael Davis (mike at ...92...,
www.datanerds.net/~mike)

1.8 - 2.x WIN32 Port By Chris Reid (chris.reid at ...3029...)

Run time for packet processing was 0.501000 seconds
============================================================================

Snort processed 84158 packets.

===========================================================================

Breakdown by protocol:

    TCP: 53451     (17.356%)

    UDP: 28239     (37.124%)

   ICMP: 13803      (1.561%)

    ARP: 3240       (0.231%)

  EAPOL: 0          (0.000%)

   IPv6: 0          (0.000%)

    IPX: 0          (0.000%)

  OTHER: 8916       (1.008%)

DISCARD: 377709     (42.720%)

===============================================================================

Action Stats:

ALERTS: 0

LOGGED: 0

PASSED: 0

===============================================================================

Final Flow Statistics

,----[ FLOWCACHE STATS ]----------

Memcap: 10485760 Overhead Bytes 16400 used(%0.156403)/blocks (16400/1)
Overhead

blocks: 1 Could Hold: (0)

IPV4 count: 0 frees: 0 low_time: 0, high_time: 0, diff: 0h:00:00s

    finds: 0 reversed: 0(%0.000000)

    find_sucess: 0 find_fail: 0 percent_success: (%0.000000) new_flows: 0

database: Closing connection to database ""

Snort exiting
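As an added example (not part of the post or of Snort itself), a small post-run check of the kind a defender can put behind an IDS pipeline to catch exactly this situation: rules loaded and TCP/UDP traffic processed, but LOGGED: 0 and the database plugin closing with an empty database name. The summary text is a constructed excerpt of the output quoted above; the rule of "nothing logged or alerted" counting as a failure is an assumption.

```python
import re

# Constructed excerpt of the Snort 2.2 end-of-run summary quoted in the post (trimmed).
SNORT_SUMMARY = """\
database: database name = snort
2 Snort rules read...
Snort processed 84158 packets.
Breakdown by protocol:
    TCP: 53451     (17.356%)
    UDP: 28239     (37.124%)
   ICMP: 13803      (1.561%)
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
database: Closing connection to database ""
"""

PATTERNS = {
    "rules": re.compile(r"^(\d+) Snort rules read"),
    "processed": re.compile(r"^Snort processed (\d+) packets"),
    "alerts": re.compile(r"^ALERTS: (\d+)"),
    "logged": re.compile(r"^LOGGED: (\d+)"),
    "db_close": re.compile(r'^database: Closing connection to database "(.*)"'),
}
PROTO = re.compile(r"^\s*(TCP|UDP|ICMP|ARP|EAPOL|IPv6|IPX|OTHER|DISCARD): (\d+)")

def parse_summary(text):
    """Extract the counters a sanity check needs from Snort's run summary."""
    stats = {"protocols": {}}
    for line in text.splitlines():
        m = PROTO.match(line)
        if m:
            stats["protocols"][m.group(1)] = int(m.group(2))
            continue
        for key, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                stats[key] = m.group(1) if key == "db_close" else int(m.group(1))
    return stats

def check_run(stats):
    """Return findings that should fail the run; an empty list means the run looks healthy."""
    findings = []
    seen = sum(stats["protocols"].get(p, 0) for p in ("TCP", "UDP"))
    if stats.get("rules", 0) and seen and not stats.get("logged", 0) and not stats.get("alerts", 0):
        findings.append(f"{seen} TCP/UDP packets seen with {stats['rules']} rules loaded, yet nothing logged or alerted")
    if stats.get("db_close") == "":
        findings.append("database plugin closed its connection with an empty database name")
    return findings
```

Running `check_run(parse_summary(SNORT_SUMMARY))` on the excerpt above yields both findings, which is the signal to inspect the output plugin configuration before trusting that the capture was recorded.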
