[Snort-users] Snort and MySQL

sEc nErD umkcguy1978 at ...131...
Tue Feb 8 18:07:08 EST 2005


OK, below are the details of what's up with my Snort. It has all alerts in the /var/log/snort/alert file, but there is nothing in the MySQL database. One thing that happened was that MySQL was not running, so I then started mysqld from init.d.

Since I started it after I was running Snort, do I need to stop and restart Snort so that it connects to the database?

If yes, what would be the command for that?

[root at ...274... snort]# ps -ef| grep snort
snort     1791     1  0 08:42 ?        00:00:46 /usr/sbin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort

[root at ...274... snort]# ps -ef| grep mysql
root      2029     1  0 08:42 ?        00:00:00 /bin/sh /usr/bin/safe_mysqld --defaults-file=/etc/my.cnf
mysql     2053  2029  0 08:42 ?        00:00:00 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking



Line in my snort.conf that I have uncommented:

output database: log, mysql, user=snort password=snort dbname=snort host=localhost


Output from /var/log/messages:

Feb  8 14:49:48 localhost sshd(pam_unix)[3049]: session opened for user root by (uid=0)
Feb  8 15:15:30 localhost mysqld: Starting MySQL:  succeeded
Feb  8 16:32:24 localhost kernel: UDF-fs: No VRS found
Feb  8 16:33:59 localhost sshd(pam_unix)[2894]: session closed for user root
Feb  8 16:34:01 localhost sshd(pam_unix)[3049]: session closed for user root
Feb  8 16:34:47 localhost sshd(pam_unix)[3290]: session opened for user root by (uid=0)
Feb  8 16:58:15 localhost sshd(pam_unix)[3375]: session opened for user root by (uid=0)
Feb  8 17:06:49 localhost sshd(pam_unix)[3290]: session closed for user root
Feb  8 17:06:54 localhost sshd(pam_unix)[3375]: session closed for user root
Feb  8 19:56:25 localhost sshd(pam_unix)[3552]: session opened for user root by (uid=0)







--- Robert Spangler <bms at ...4832...> wrote:

> On Sun August 29 2004 13:35, Robert Spangler wrote:
>
> >  I seem to be having a problem setting up snort to use MySQL database.
>
> I had an error in my snort.conf file
>
> >  snort.conf has the following entry:
> >
> >  ===================================================
> >  output database: log, MySQL, user=snort, password=******** dbname=snort host=localhost
> >  ===================================================
>
> The above was placed in the wrong area of the config.  When this was corrected
> snort seemed to run without any problems.
>
> NOW
>
> I don't think things are running correctly.  I run a scan against my machine
> using CIS and it does its reporting but I never see anything in ACID or
> OpenAanval.
>
> I used the following quick setup guide written by Patrick Harper at
> http://www.internetsecurityguru.com/
> 
> 
> -- 
> 
> Regards
> Robert
> 
> Smile.....  It increases your face value.

