[Snort-users] Can snort send alerts to the mysql database w/out ...output file?grep -i output /usr/local/etc/snort/snort.conf

Jacob, Raymond A Jr raymond.jacob at ...7622...
Sat Mar 11 11:19:02 EST 2006


-----Original Message-----
From: Jason [mailto:security at ...5028...]
Sent: Thursday, March 09, 2006 15:55
To: Jacob, Raymond A Jr
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Solved Can snort send alerts to the mysql
database without writing an output file?


what is the output of grep -i output /usr/local/etc/snort/snort.conf or
can you send me your snort.conf



Jacob, Raymond A Jr wrote:
---------------------------------------------------
% grep -i output snort.conf

#  3) Configure output plugins
#output-mode msg \
#                         "binary" to get them in a unified binary output 
#	output-mode msg \
# Step #3: Configure output plugins
# Uncomment and configure the output plugins you decide to use.  General
# configuration for output plugins is of the form:
# output <name_of_plugin>: <configuration_options>
# output alert_syslog: LOG_AUTH LOG_ALERT
# output alert_syslog: LOG_AUTH LOG_ALERT
# output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
# output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
#output log_null
# The only argument is the output file name.
# output log_tcpdump: tcpdump.log
# output database: log, mysql, user=root password=test dbname=db host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
#output database: log, mysql, user=yyyy dbname=snort password=xxxxxx host=snorthost  sensor_name=ids01
output database: log, mysql, user=yyyyy dbname=snort password=xxxxxx host=snorthost sensor_name=ids01
output database: log, mysql, user=yyyyy dbname=snort_archive password=xxxxxx host=snorthost sensor_name=ids01
# The unified output plugin provides two new formats for logging and generating
# output alert_unified: filename snort.alert, limit 128
# output log_unified: filename snort.log, limit 128
# You can optionally define new rule types and associate one or more output
#   output log_tcpdump: suspicious.log
#   output alert_syslog: LOG_AUTH LOG_ALERT
#   output database: log, mysql, user=snort dbname=snort host=localhost
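The grep above returns commented template lines and live directives alike, so the question of whether Snort writes a file or only talks to MySQL is answered by the few uncommented `output` lines. As an added example that is not part of the thread, the Python below parses only the active directives, splits the `database` plugin line into mode, backend and key=value parameters, and flags plugins that write a local file. The sample config is constructed from the lines in the post; the set of file-writing plugin names is an assumption drawn from the Snort 2.x plugins named in the comments plus alert_fast and alert_full.

```python
import re
from typing import Dict, List

# Constructed sample: the active lines from the snort.conf shown in the post,
# plus a commented template line and two other plugins for contrast.
SAMPLE_CONF = """\
# output database: log, mysql, user=root password=test dbname=db host=localhost
output database: log, mysql, user=yyyyy dbname=snort password=xxxxxx host=snorthost sensor_name=ids01
output database: log, mysql, user=yyyyy dbname=snort_archive password=xxxxxx host=snorthost sensor_name=ids01
output alert_syslog: LOG_AUTH LOG_ALERT
output log_tcpdump: tcpdump.log
"""

# Assumption: Snort 2.x output plugins that write a local file on the sensor.
FILE_PLUGINS = {"log_tcpdump", "alert_unified", "log_unified", "alert_fast", "alert_full"}


def parse_outputs(conf: str) -> List[Dict]:
    """Return one dict per active 'output <plugin>: <options>' directive.

    Lines starting with '#' (which 'grep -i output' also matches) are skipped,
    so the result is exactly what Snort will actually load.
    """
    entries = []
    for raw in conf.splitlines():
        m = re.match(r"^output\s+(\w+)\s*:\s*(.*)$", raw.strip())
        if not m:
            continue
        plugin, opts = m.group(1), m.group(2)
        entry = {"plugin": plugin, "writes_file": plugin in FILE_PLUGINS, "params": {}}
        if plugin == "database":
            # Format: <alert|log>, <backend>, key=value key=value ...
            mode, _, rest = opts.partition(",")
            backend, _, kv = rest.strip().partition(",")
            entry["mode"] = mode.strip()
            entry["backend"] = backend.strip()
            entry["params"] = dict(tok.split("=", 1) for tok in kv.split() if "=" in tok)
        else:
            entry["args"] = opts.split()
        entries.append(entry)
    return entries


def db_targets(entries: List[Dict]):
    """(backend, host, dbname) for each active database plugin.

    Two targets, as in the post, means every event is inserted twice; the
    'password=' params also show the DB credentials live in snort.conf itself.
    """
    return [(e["backend"], e["params"].get("host"), e["params"].get("dbname"))
            for e in entries if e["plugin"] == "database"]
```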



