[Snort-users] snort-184.108.40.206. Bug in MySQL?
pepperjack at ...14319...
Thu Mar 13 08:41:28 EDT 2008
Quoting salomon.riedo at ...14317...:
> Hey JJC
> Thanks for your response.
> --> I don't have lots of data, so I think that I don't need barnyard
> ... I think, that this is the main reason to use it?
> --> Primary symptoms:
> Database is Empty (with the previous version of snort [220.127.116.11] it
> ran without any troubles ... )
OK, so no data in the db.

1. Do you have alert data being reported to the alert log?
   No? : it's not a db problem, it's a dead snort problem. end.
   Yes? : it's a db output problem. proceed.
2. Does the snort.conf file have a mysql output line?
3. Try to log into mysql using the user id and password specified on
   the output line.
4. While logged into the database type this command:
   select vseq from `schema`;
5. Does it say "107" ?
6. If not, then the problem is that your old database is not
   compatible with the schema used in snort 2.8. The database will need
   to be recreated from scratch.

I hope this helps. Post back to the list with your progress.
> Another solution is using the previous version.
> You should use unified output and use barnyard to read said unified
> data and write into mysql.
> There are several well documented reasons for this on the web...
> > I am relatively new in this group and have an unsolved problem
> > logging alerts to a MySQL-DB since the upgrade to Snort
> > If I run the configure-script: # ./configure --with-mysql, there are no
> > errors.
> > My questions:
> > - Are there any essential changes on the new version?
> > - Could it be, that the problem is on my running-system
> what is the primary symptom?
> Snort won't build?
> Snort won't run?
> Database is Empty?
> > Thx
> > Salomon
Framework? I don't need no stinking framework!
@fferent Security Labs: Isolate/Insulate/Innovate
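
Steps 2 to 5 of the checklist in the reply above, written as a shell script. This is an added example, not part of the original post or of Snort. The sample snort.conf lines, the credentials and the helper names are constructed, and the `output database:` parameter layout (user=, password=, dbname=, host=) is assumed to be the usual Snort 2.x form.

```shell
#!/bin/sh
# Added example, not from the original post. Steps 2-5 of the checklist.
EXPECTED_VSEQ=107   # schema version the post gives for Snort 2.8

# Constructed sample snort.conf fragment (credentials are made up).
sample_conf() {
    cat <<'EOF'
# output database: log, mysql, user=old password=old dbname=olddb host=localhost
output alert_fast: alert
output database: log, mysql, user=snort password=s3cret dbname=snort host=localhost
EOF
}

# Step 2: first uncommented MySQL "output database" line, read from stdin.
db_output_line() {
    grep -E '^[[:space:]]*output[[:space:]]+database:.*mysql' | head -n 1
}

# Pull one key=value parameter (user, password, dbname, host) out of that line.
db_param() {
    printf '%s\n' "$1" | tr ' ,' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# Step 5: does the vseq value read from the database match the expected one?
schema_ok() { [ "$1" = "$EXPECTED_VSEQ" ]; }

# Steps 3-4: log in as the configured user and read the schema version.
# Credentials go into a private option file rather than onto the command
# line, so the password is not visible in the process list.
query_vseq() {
    host=$(db_param "$1" host); rc=0
    cnf=$(mktemp) || return 1
    printf '[client]\nuser=%s\npassword=%s\nhost=%s\n' "$(db_param "$1" user)" \
        "$(db_param "$1" password)" "${host:-localhost}" > "$cnf"
    mysql --defaults-extra-file="$cnf" -N -B -e 'SELECT vseq FROM `schema`;' \
        "$(db_param "$1" dbname)" || rc=$?
    rm -f "$cnf"; return "$rc"
}

diagnose() {
    line=$(db_output_line < "$1")
    [ -n "$line" ] || { echo "step 2: no mysql output line in $1"; return 2; }
    vseq=$(query_vseq "$line") || { echo "step 3/4: login or query failed"; return 3; }
    schema_ok "$vseq" || { echo "step 5: vseq='$vseq', expected $EXPECTED_VSEQ"; return 4; }
    echo "schema version $vseq matches"
}

# With a snort.conf path run the checks; without one, parse the sample only.
if [ -n "${1:-}" ]; then diagnose "$1"
else echo "parsed dbname: $(db_param "$(sample_conf | db_output_line)" dbname)"; fi
```

Run it with the path to snort.conf as the only argument; a non-zero exit status names the step of the checklist that failed.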