[Snort-users] snort don't log to mysql server

carlopmart carlopmart at ...11827...
Mon Sep 4 11:02:11 EDT 2006


My responses ...

info+lucretia.ca wrote:
> Details....
> 
> What version of mysql?
MySQL 4.1.20 under CentOS 4.4

> What is the output configurations?

output database: log, mysql, user=idsuser password=IDSuser 
dbname=snortdb host=srvmgmt sensor_name=CorpIPS

> Can you actually login to the snort db properly?
Yes without problems.
> 
> You tell us a problem with mysql logging, but then you state to use a test
> rule to log to /var/log/snort not to a database?  Which is it?

My test rule:
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; dsize:8; itype:8; 
sid:10000001;)

Events are logged under /var/log/snort/ ... but not in mysql ...


> 
> Good luck,
> 
> James Friesen, CIO
> Lucretia Enterprises
> 
>> -----Original Message-----
>> From: snort-users-bounces at lists.sourceforge.net
>> [mailto:snort-users-bounces at lists.sourceforge.net] On Behalf
>> Of carlopmart
>> Sent: Monday, September 04, 2006 6:32 AM
>> To: snort-users at lists.sourceforge.net
>> Subject: [Snort-users] snort don't log to mysql server
>>
>> Hi all,
>>
>>   I am testing snort 2.6 with aanval console. I have setup
>> snort with inline and mysql under CentOS 4.4 using src.rpm
>> package from snort's website.
>>
>>   I have configured output log to mysql server. Sensor is
>> registered but any event is inserted under mysql ( i am using
>> a test rule that generates a lot of outputs to
>> /var/log/snort). Snort user has the right options.
>>
>> Any ideas??
> 
> 
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 

-- 
CL Martinez
carlopmart {at} gmail {d0t} com




More information about the Snort-users mailing list