[Snort-users] An acid problem.

kinux kinux at ...11852...
Fri Sep 24 11:46:05 EDT 2004


In snort.conf, I have chosen to use mysql.

# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
output database: log, mysql, user=snort password=123454 dbname=snort host=localhost
  ----- Original Message ----- 
  From: Gould, Scott 
  To: snort-users at lists.sourceforge.net 
  Sent: Friday, September 24, 2004 3:32 PM
  Subject: RE: [Snort-users] An acid problem.


  My 1st thought would be to check your snort.conf file for the appropriate output plug-in configuration. You need to tell snort to log to your mysql db via an output db plug-in line in your snort.conf file.

  The documentation at snort.org and the snort.conf file give examples of database output logging.

  This is, however, a method that may not be able to keep up with high bandwidth. You may want to consider a flow like this if you have high-bandwidth pipes you're monitoring:

  Snort logs to a binary log file

  Barnyard monitors the binary log file and does inserts into the mysql db

  Lots of information about barnyard can be found in the various setup docs available at snort.org, and by searching the archives of this list.

  My best advice, only being at this for a year or so myself, is to start simple (which you're doing :-)), get your current setup working, then look to tune performance down the road.

  Hope this helps.

  Scott Gould, MCP

  Senior Network & Systems Analyst

  Gynecologic Oncology Group 

  Statistical & Data Center

  sgould at ...11473...

  716-845-5702


------------------------------------------------------------------------------

  From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at ...2902...ists.sourceforge.net] On Behalf Of kinux
  Sent: Friday, September 24, 2004 2:10 AM
  To: snort-users at lists.sourceforge.net
  Subject: [Snort-users] An acid problem.

  hi,

  I installed snort, mysql, and acid from ports on a FreeBSD box.

  When I try to display Alert Listing: 15 Last Alerts, nothing shows on the
  screen, as follows. What's the problem?

        ACID
        Alert Listing: 15 Last Alerts        Home | Search | AG Maintenance

        [ Back ]

  Added 0 alert(s) to the Alert cache
  Queried DB on : Fri September 24, 2004 10:22:20
        Meta Criteria       any
        IP Criteria         any
        Layer 4 Criteria    none
        Payload Criteria    any

  Displaying 15 Last Alerts

  Thanks.
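Scott's first suggestion, checking that snort.conf actually carries an active output database line, can be automated. The script below is an added example written for this archive page; it is not code from the thread, from ACID or from the Snort project. It parses the `output database: <facility>, <backend>, key=value ...` line format shown above and flags the usual reasons ACID stays empty: the plugin line is still commented out (the stock snort.conf ships it that way), a required parameter is missing, or there is no such line at all. It also notes when the database password sits in cleartext in the file, since that means snort.conf needs tight permissions. The accepted facility and backend names and the required parameters are my reading of Snort's README.database and should be treated as this example's assumption; `parse_output_database`, `check_snort_conf` and the `SAMPLE_CONF` excerpt are all constructed for the example.

```python
import re

# Accepted values for the Snort database output plugin, as I read them in
# Snort's README.database (the file Scott's reply points to). Treat the
# exact sets as this example's assumption about the Snort 2.x plugin.
VALID_FACILITIES = {"log", "alert"}
VALID_BACKENDS = {"mysql", "postgresql", "unixodbc", "mssql", "oracle"}
REQUIRED_PARAMS = {"dbname", "user", "host"}

OUTPUT_RE = re.compile(r"^\s*output\s+database\s*:\s*(.+?)\s*$")


def parse_output_database(line):
    """Parse 'output database: <facility>, <backend>, key=value ...'.

    Returns a dict with facility, backend and params, or None when the
    line is not an output database line. Raises ValueError on a
    malformed one so the caller can report it with a line number.
    """
    m = OUTPUT_RE.match(line)
    if not m:
        return None
    fields = [f.strip() for f in m.group(1).split(",", 2)]
    if len(fields) != 3:
        raise ValueError("expected facility, backend and parameters: %r" % line)
    facility, backend, rest = fields
    params = {}
    for token in rest.split():
        if "=" not in token:
            raise ValueError("parameter %r is not key=value" % token)
        key, value = token.split("=", 1)
        params[key] = value
    return {"facility": facility, "backend": backend, "params": params}


def check_snort_conf(conf_text):
    """Return a list of findings explaining why the DB plugin may not log."""
    findings = []
    active_lines = 0
    for num, raw in enumerate(conf_text.splitlines(), 1):
        stripped = raw.strip()
        if stripped.startswith("#"):
            # The stock snort.conf ships the plugin line commented out;
            # leaving it that way is a classic cause of an empty ACID view.
            if OUTPUT_RE.match(stripped.lstrip("#").strip()):
                findings.append("line %d: output database line is commented out" % num)
            continue
        try:
            parsed = parse_output_database(stripped)
        except ValueError as exc:
            findings.append("line %d: %s" % (num, exc))
            continue
        if parsed is None:
            continue
        active_lines += 1
        if parsed["facility"] not in VALID_FACILITIES:
            findings.append("line %d: unknown facility %r" % (num, parsed["facility"]))
        if parsed["backend"] not in VALID_BACKENDS:
            findings.append("line %d: unknown backend %r" % (num, parsed["backend"]))
        missing = sorted(REQUIRED_PARAMS - set(parsed["params"]))
        if missing:
            findings.append("line %d: missing %s" % (num, ", ".join(missing)))
        if "password" in parsed["params"]:
            # The DB credential lives in cleartext in snort.conf, so the file
            # should be readable only by the account Snort runs as.
            findings.append("line %d: database password in cleartext; restrict snort.conf permissions" % num)
    if active_lines == 0:
        findings.append("no active 'output database:' line; Snort is not logging to a database")
    return findings


# Constructed snort.conf excerpt mirroring the thread: a commented-out
# example line followed by an active one (the credentials are the
# thread's own sample values, not real ones).
SAMPLE_CONF = """\
# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
# output database: log, mysql, user=root password=test dbname=db host=localhost
output database: log, mysql, user=snort password=123454 dbname=snort host=localhost
"""

if __name__ == "__main__":
    for finding in check_snort_conf(SAMPLE_CONF):
        print(finding)
```

Run it against a copy of your real snort.conf by replacing `SAMPLE_CONF` with the file's contents. An empty result apart from the cleartext-password note means the plugin line itself is fine and the search moves on to whether Snort was restarted after the edit and whether the `snort` MySQL user can actually connect from `localhost`.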
