[Snort-users] snort-mysql, ted database

Winfield Henry winfieldh at ...12591...
Mon Oct 25 14:24:08 EDT 2004


I'll try Mr. Slighters suggestion and here is the output line from the 
conf file. Also  I've seen that snort is storing alerts to the proper 
db, I'm just not sure where this reference to "ted" comes from.

output database: log, mysql, user=snort password=******** 
dbname=snort_db host=localhost


M. Shirk wrote:

> Can we see your output plugin line in your conf file???
>
> Shirkdog
>
>
>> From: Tim Slighter <tslighter at ...5174...>
>> To: Winfield Henry <winfieldh at ...12591...>
>> CC: snort-users at lists.sourceforge.net
>> Subject: Re: [Snort-users] snort-mysql, ted database
>> Date: Mon, 25 Oct 2004 10:38:31 -0600
>>
>> On occasion something similar to this will happen on our systems.  It 
>> usually resolves down to some syntax anomaly (not a syntax error) in 
>> the snort.conf file like the use of custom variables or thresholds.  
>> At least that is the only time I have seen this happen over here.  
>> Perhaps try a very basic or stripped down conf file renamed to 
>> test.conf and then issue 'snort -c test.conf -i eth1 -T', and see if 
>> the error takes place, start adding subsequent lines from your 
>> snort.conf file into the test.conf file and keep testing until the 
>> error takes place.  That should provide you with a starting point for 
>> your analysis.
>>
>> Winfield Henry wrote:
>>
>>> Hello,
>>> I am wondering what the "ted" database reference to when I issue 
>>> ctl-C to snort-mysql?
>>> To quote the consol:
>>>
>>> database:Closing connection to database "ted"
>>> Snort exiting
>>>
>>> This is not the database name that is logging alerts. As a matter of 
>>> fact there is no 'ted' database on the system.
>>>
>>> Thanks.
>>>
>>>
>>> -------------------------------------------------------
>>> This SF.net email is sponsored by: IT Product Guide on 
>>> ITManagersJournal
>>> Use IT products in your business? Tell us what you think of them. 
>>> Give us
>>> Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find 
>>> out more
>>> http://productguide.itmanagersjournal.com/guidepromo.tmpl
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>>
>>
>>
>> -------------------------------------------------------
>> This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
>> Use IT products in your business? Tell us what you think of them. 
>> Give us
>> Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find 
>> out more
>> http://productguide.itmanagersjournal.com/guidepromo.tmpl
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> _________________________________________________________________
> On the road to retirement? Check out MSN Life Events for advice on how 
> to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
> Use IT products in your business? Tell us what you think of them. Give us
> Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out 
> more
> http://productguide.itmanagersjournal.com/guidepromo.tmpl
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>





More information about the Snort-users mailing list