[Snort-users] Trouble to log trace into database

Juan juanca at ...11...
Fri Nov 19 10:42:05 EST 2004


Hi,
I have a trace file with some packets I am trying to analyze. I am trying to
load the trace into a mysql database but nothing gets logged. 
My rules file looks like this:
# RULES
log tcp any any -> any any
log udp any any -> any any

And if I just run snort without loading from a file, these rules log every TCP
and UDP header just fine into the database. Now when I run:
C:\Snort\bin>snort -r c:\trace.eth -c c:\Snort\etc\snort-mod.conf \
	-l c:\Snort\log

I do not get any error, but nothing gets logged to the database. See below.
Can anyone give me a hint of what I am doing wrong?

Thanks,
J


======================================================================
database: compiled support for ( mysql odbc )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = TRUSS:[reading from a file]
database:     sensor id = 2
database: schema version = 106
database: using the "log" facility
2 Snort rules read...
2 Option Chains linked into 2 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
+-----------------------[thresholding-config]----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[thresholding-global]----------------------------------
| none
+-----------------------[thresholding-local]-----------------------------------
| none
+-----------------------[suppression]------------------------------------------
| none
-------------------------------------------------------------------------------
Rule application order: ->activation->dynamic->alert->pass->log
        --== Initialization Complete ==--
-*> Snort! <*-
Version 2.2.0-ODBC-MySQL-FlexRESP-WIN32 (Build 30)
By Martin Roesch (roesch at ...1935..., www.snort.org)
1.7-WIN32 Port By Michael Davis (mike at ...92..., www.datanerds.net/~mike)
1.8 - 2.x WIN32 Port By Chris Reid (chris.reid at ...3029...)
Run time for packet processing was 0.501000 seconds
============================================================================
Snort processed 84158 packets.
===========================================================================
Breakdown by protocol:
    TCP: 53451     (17.356%)
    UDP: 28239     (37.124%)
   ICMP: 13803      (1.561%)
    ARP: 3240       (0.231%)
  EAPOL: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 8916       (1.008%)
DISCARD: 377709     (42.720%)
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
Final Flow Statistics
,----[ FLOWCACHE STATS ]----------
Memcap: 10485760 Overhead Bytes 16400 used(%0.156403)/blocks (16400/1)
Overhead blocks: 1 Could Hold: (0)
IPV4 count: 0 frees: 0 low_time: 0, high_time: 0, diff: 0h:00:00s
    finds: 0 reversed: 0(%0.000000)
    find_sucess: 0 find_fail: 0 percent_success: (%0.000000) new_flows: 0
database: Closing connection to database ""
Snort exiting