[Snort-users] An acid problem.

Gould, Scott sgould at ...11473...
Fri Sep 24 00:33:06 EDT 2004

My 1st thought would be to check your snort.conf file for the
appropriate output plug-in configuration.  You need to tell snort to log
to your mysql db, via an output db plug-in line in your snort.conf.


The documentation at snort.org and the snort.conf file give examples of
database output logging.


This is, however, a method that may not be able to keep up with high
bandwidth.  You may want to consider a flow like this if you have high
bandwidth pipes you're monitoring:


Snort logs to binary log file

Barnyard monitors binary log file, and does inserts into mysql db


Lots of information about barnyard can be found in the various setup
docs available at snort.org, and by searching the archives of this list.


My best advice, only being at this for a year or so myself, is to start
simple (which you're doing :-)), get your current setup working, then look
to tune performance down the road.


Hope this helps.


Scott Gould, MCP

Senior Network & Systems Analyst

Gynecologic Oncology Group 

Statistical & Data Center

sgould at ...11473...



From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of kinux
Sent: Friday, September 24, 2004 2:10 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] An acid problem.




I installed snort, mysql, acid by ports on a freebsd box.

When I try to display Alert Listing: 15 Last Alerts, there is nothing
shown on the screen, as follows.  What's the problem?

     Alert Listing: 15 Last Alerts
     Home   |   Search   |   AG Maintenance

     [ Back ]

     Added 0 alert(s) to the Alert cache
     Queried DB on : Fri September 24, 2004 10:22:20

     Meta Criteria       any
     IP Criteria         any
     Layer 4 Criteria    none
     Payload Criteria    any

     Displaying 15 Last Alerts
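
An added illustration of the snort.conf check suggested in the reply above (not part of the original thread, and not code from the Snort project): a small Python script that reports whether alerts leave Snort through a MySQL database output line, through a unified binary log that Barnyard can read, or through nothing ACID can see. The sample config, its credentials and all function names are constructed for the example; the directive syntax assumed is the Snort 2.x form `output <plugin>: <args>`.

```python
import re

# Constructed sample snort.conf fragment (not from the thread). The database
# line is still commented out, which would leave ACID's tables empty.
SAMPLE_CONF = """\
var HOME_NET any
# output database: log, mysql, user=root password=test dbname=db host=localhost
output alert_syslog: LOG_AUTH LOG_ALERT
output log_unified: filename snort.log, limit 128
"""

OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*(?::\s*(.*))?$")

def parse_outputs(conf_text):
    """Return [(plugin, args)] for every active (uncommented) output line."""
    outputs = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):          # commented-out directives do nothing
            continue
        m = OUTPUT_RE.match(line)
        if m:
            outputs.append((m.group(1), (m.group(2) or "").strip()))
    return outputs

def parse_database_args(args):
    """Split 'log, mysql, user=x dbname=y' into type, dbtype and options."""
    fields = [f.strip() for f in args.split(",", 2)]
    fields += [""] * (3 - len(fields))
    opts = dict(kv.split("=", 1) for kv in fields[2].split() if "=" in kv)
    if "password" in opts:
        opts["password"] = "***"          # never echo the DB credential
    return {"type": fields[0], "dbtype": fields[1], "options": opts}

def diagnose(conf_text):
    """Classify the alert path: 'database', 'unified' (Barnyard) or 'none'."""
    outputs = parse_outputs(conf_text)
    for plugin, args in outputs:
        if plugin == "database":
            db = parse_database_args(args)
            if db["dbtype"] == "mysql":
                return "database", db
    if any(p in ("log_unified", "alert_unified") for p, _ in outputs):
        return "unified", {}
    return "none", {}

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF))
```

A result of "unified" or "none" means Snort itself is not writing to MySQL, so ACID will show no alerts unless Barnyard (or an uncommented database line) is feeding the database.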


