[Snort-users] Snort 2.2.0 & ACID 0.9.6b23

Pedro Fortuna pedro.fortuna at ...11827...
Fri Sep 10 12:08:04 EDT 2004


try:
output database: alert, mysql, user=<username> password=<password>
dbname=snort host=localhost

Best Regards,
Pedro Fortuna

On Fri, 10 Sep 2004 13:57:11 -0500, Matthew K. Lee <mattl at ...12405...> wrote:
> Pedro,
> 
> output database: log, mysql, user=<username> password=<password>
> dbname=snort host=localhost
> 
> (With the correct values for username and password, of course.)
> 
> The interesting this is that I'm actually getting information in the
> snort.event, snort.data, snort.icmphdr, snort.tcphdr, etc.  I am not
> getting any records created in the acid tables, however.
> 
> I've tried dropping and recreating all the tables.  I've tried dropping
> and recreating the database.  All with no luck.
> 
> Thanks,
> 
> Matthew Lee
> 
> 
> 
> -----Original Message-----
> From: Pedro Fortuna [mailto:pedro.fortuna at ...11827...]
> Sent: Friday, September 10, 2004 1:43 PM
> To: Matthew K. Lee
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort 2.2.0 & ACID 0.9.6b23
> 
> How's your "output database: " line in snort.conf ?
> Pedro Fortuna
> 
> On Fri, 10 Sep 2004 10:01:28 -0500, Matthew K. Lee <mattl at ...12405...>
> wrote:
> > Hello all,
> >
> > I'm running snort-2.2.0, mysql (with schema 106), and acid 0.9.6b23.
> > I'm getting some of the alert information to show up in acid, but the
> > actual alerts are not displayed.  I've checked the database, and the
> > information is being logged correctly.  It seems as though the alert
> > page is just not returning any rows.  I wonder if there was a change
> in
> > the schema version that may have broken compatibility with ACID
> > 0.9.6b23?
> >
> > Has anyone else encountered this?  If so, what did you do to resolve
> the
> > issue?
> >
> > Thanks,
> >
> > Matthew Lee
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
> > Project Admins to receive an Apple iPod Mini FREE for your judgement
> on
> > who ports your project to Linux PPC the best. Sponsored by IBM.
> > Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?listsnort-users
> >
>




More information about the Snort-users mailing list