[Snort-users] Trouble to log trace into database
prabu333 at ...8908...
Fri Nov 19 23:32:00 EST 2004
> I have a trace file with some packets I am trying to analyze. I am trying
> to load the trace into a mysql database but nothing gets logged.
> My rules file looks like this:
> # RULES
> log tcp any any -> any any
> log udp any any -> any any
> And if I just run snort without loading from file, this rules logs every
> and udp header just fine into the database. Now when I run:
> C:\Snort\bin>snort -r c:\trace.eth -c c:\Snort\etc\snort-mod.conf \
> -l c:\Snort\log
> I do not get any error but nothing gets logged to the database. See below
> Can anyone give me a hint of what I am doing wrong?
I have just now tested the same rule set on a tcpdump
capture file. It logged all my alerts and logs.
Are you able to read the tcpdump file with other tools?
Then, check out your snort database settings.
If you are smart enough to know that you're not smart enough to be an
Engineer, then you're in Business.