[Snort-users] Logging to MySQL from Snort (Honeywall CD)

Christian Larsen christian at ...13115...
Wed Mar 2 06:43:43 EST 2005


I¹m trying to get Snort on my honeywall to log against an external
mySQL-database. I¹ve added this line to /etc/snort/snort.conf:

output database: log, mysql, user=snort_user password=*******
dbname=snort_db host=*******

I¹ve set up the mysql-server (and know it¹s working, since I¹m already
running another snort-process from a different IDS-sensor against it), and
the honeywall-logs tell me that the Snort/MySQL-handshake is completed after
Snort is restarted.

My question is then: Why isn¹t Snort sending data to the database? Snort is
running and generating regular logs in /var/log/snort/xxx/, but nothing is
sent to the external database. Port 3306 is open, but there is no traffic
going out of the honeywall-GW on it.

Thank you.

Kind regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050302/685e6512/attachment.html>

More information about the Snort-users mailing list