[Snort-users] Logging to MySQL from Snort (Honeywall CD)
christian at ...13115...
Wed Mar 2 06:43:43 EST 2005
I¹m trying to get Snort on my honeywall to log against an external
mySQL-database. I¹ve added this line to /etc/snort/snort.conf:
output database: log, mysql, user=snort_user password=*******
I¹ve set up the mysql-server (and know it¹s working, since I¹m already
running another snort-process from a different IDS-sensor against it), and
the honeywall-logs tell me that the Snort/MySQL-handshake is completed after
Snort is restarted.
My question is then: Why isn¹t Snort sending data to the database? Snort is
running and generating regular logs in /var/log/snort/xxx/, but nothing is
sent to the external database. Port 3306 is open, but there is no traffic
going out of the honeywall-GW on it.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users