[Snort-users] Snort not writing to DB

Joel Esler joel.esler at ...1935...
Wed Jun 20 08:35:20 EDT 2007


What are your Snort command line options when you run it?

FWIW -- It is HIGHLY suggested that you not log directly from Snort  
to the DB.  It IS suggested that you use the unified output module  
and use something like Barnyard or similar to read the unified files  
and put them in the DB.

But for now, what does your command line look like?



joel esler | security consultant | Sourcefire | pgp  key is public



On Jun 20, 2007, at 8:08 AM, Louis Bohm wrote:

> I am running Snort 2.6.1.5-1 on a CentOS 5 machine with MySQL
> 5.0.22-2.1.  When I built snort I built it with the mysql option.
> In the snort.conf file I have the following:
>
> output database: log, mysql, user=snortuser password=xxxxx dbname=snortDB host=localhost detail=full
>
>
>
> And I am also getting an alert log and a regular log file for each  
> interface.
>
>
>
> At present I am not seeing a lot of events because I have not  
> plugged the box in to a lot of places but I am seeing some and it  
> is showing in the logs.  However, I am getting nothing in the  
> database.  I am not even seeing a connection between snort and the  
> DB.  Snort is reporting NO errors whatsoever.  And if I run snort
> -T -c /etc/snort/snort.conf I see that it logs in to the DB with no
> problems.
>
>
>
> I know this should work; I have done it before…  Any thoughts?
>
>
>
> Thanks,
>
> Louis
>
>
>
> ~~
> -------------------------------------
> Louis Bohm
> Network Administrator
> Adnexus Therapeutics
> 781.209.2324
> -------------------------------------
