[Snort-users] Snort 2.x does not logs into MySQL

Michael Steele michaels at ...9077...
Fri Oct 29 20:25:03 EDT 2004


There needs to be something that will trigger an alert in order for there to
be something in there.

Try adding these to a file called test.rules and edit your snort.conf to
load the new rule set:

alert icmp any any -> any any
alert tcp any any -> any any

Then add a -o to your snort run line.

Then restart Snort and do some browsing of the web and you should get a LOT
of alerts.

You can do a tcp dump of port 3306 on your MySQL server to see if there are
any alerts getting through.

Kindest regards, 
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Esler, Joel - Contractor
> Sent: Friday, October 29, 2004 11:47 AM
> To: linux2003; snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Snort 2.x does not logs into MySQL
> 
> Do you have the ICF enabled on your SP2 WinXP machine?
> 
> J
> 
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of linux2003
> Sent: Tuesday, October 26, 2004 12:28 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort 2.x does not logs into MySQL
> 
> 
> Hi everyone,
> 
> I have set up Snort w/MySQL on a Windows XP SP2 machine with no problem.
> However, when I run Snort, no logs are logged into the database.
> The database settings as well as the conf file look fine and OK.
> 
> Any idea what I am missing here ??
> 
> ---
> Running in packet dump mode
> Log directory = log
> 
> Initializing Network Interface
> \Device\NPF_{1689EEEC-0514-41E1-BFCF-F172473E95C0}
> 
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface
> \Device\NPF_{1689EEEC-0514-41E1-BFCF-F172473E95C0}
> 
>         --== Initialization Complete ==--
> 
> -*> Snort! <*-
> Version 2.2.0-ODBC-MySQL-FlexRESP-WIN32 (Build 30)
> By Martin Roesch (roesch at ...1935..., www.snort.org) 1.7-WIN32 Port
> By Michael Davis (mike at ...92...,
> www.datanerds.net/~mike)
> 1.8 - 2.x WIN32 Port By Chris Reid (chris.reid at ...3029...)
> 
> Snort sucessfully loaded all rules and checked all rule chains! Snort
> exiting
> --------------
> No logs in MySQL at all ...
> 
> Thanks for your input,
> Roman
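The checks suggested in the reply above (an active MySQL output plugin, test.rules loaded from snort.conf, and at least one alert rule to trigger on) can be verified offline before restarting Snort. The script below is an added example, not part of the original thread; the sample snort.conf, its path, credentials and database name are constructed placeholders.

```python
import re

# Constructed sample inputs; path, credentials and database name are placeholders.
SAMPLE_CONF = r"""
var RULE_PATH c:\snort\rules
# output database: log, mysql, user=snort dbname=snort host=localhost
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
include $RULE_PATH/test.rules
"""
SAMPLE_RULES = """
# catch-all test rules from the message
alert icmp any any -> any any
alert tcp any any -> any any
"""

def active_lines(text):
    """Return stripped lines that are neither blank nor commented out."""
    lines = (raw.strip() for raw in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def parse_conf(conf_text):
    """Collect active 'output database' plugins and 'include' targets."""
    outputs, includes = [], []
    for line in active_lines(conf_text):
        m = re.match(r"output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)", line)
        if m:
            params = dict(p.split("=", 1) for p in m.group(3).split() if "=" in p)
            outputs.append({"facility": m.group(1), "type": m.group(2), "params": params})
            continue
        m = re.match(r"include\s+(\S+)", line)
        if m:
            includes.append(m.group(1).replace("\\", "/"))
    return outputs, includes

def diagnose(conf_text, rules_text, rules_name="test.rules"):
    """List reasons why no alert could reach MySQL; empty list means none found."""
    outputs, includes = parse_conf(conf_text)
    problems = []
    if not any(o["type"].lower() == "mysql" for o in outputs):
        problems.append("no active 'output database' line for mysql")
    if not any(i.split("/")[-1] == rules_name for i in includes):
        problems.append(f"{rules_name} is not included from snort.conf")
    if not any(ln.split()[0] == "alert" for ln in active_lines(rules_text)):
        problems.append(f"{rules_name} contains no alert rules")
    return problems

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_RULES) or "config and rules look consistent")
```

A clean result only means the configuration is consistent; watching port 3306 on the MySQL server, as suggested in the reply, is still the way to confirm that inserts actually arrive.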
