[Snort-users] v2.8.4 incorrect logging to MySQL
JDPAUL at ...14549...
Fri Apr 10 12:52:13 EDT 2009
It appears that version 2.8.4 does not properly log to mysql. I have the following line in my config file (***** = redacted):
output database: log, mysql, user=***** password=***** dbname=snortdb host=localhost sensor_name=***** encoding=hex detail=full
The tables are empty when snort is started.
When I start snort, it does start making entries into the event, tcphdr, iphdr, and data tables. However, it never makes an entry for itself in the sensor table and never inserts anything into the signature table. That means that there is no way to correlate events to the sensor that generated them or the signature triggering the alert. I logged all MySQL queries to confirm this behavior. Snort will query the sensor and signature tables but never inserts. What could be the cause of this?
Phil Wood's libpcap ver:0.9.8.20081128
Snort compiled from source using configuration directives:
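Added example (not part of the original post and not Snort code): a check for the symptom described above, counting event rows whose sid or signature has no matching row in the sensor or signature table. It uses Python's sqlite3 as a stand-in for MySQL with a reduced, constructed subset of the Snort schema; the join columns (event.sid, event.signature, sensor.sid, signature.sig_id) are assumed from that schema, and all sample rows are constructed.

```python
import sqlite3

# Reduced, constructed subset of the Snort database schema (assumption:
# event.sid -> sensor.sid and event.signature -> signature.sig_id).
SCHEMA = """
CREATE TABLE sensor    (sid INTEGER PRIMARY KEY, hostname TEXT);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event     (sid INTEGER, cid INTEGER, signature INTEGER,
                        timestamp TEXT, PRIMARY KEY (sid, cid));
"""

# Events that cannot be correlated: no sensor row or no signature row.
ORPHAN_QUERY = """
SELECT COUNT(*)              AS total,
       SUM(s.sid IS NULL)    AS no_sensor,
       SUM(g.sig_id IS NULL) AS no_signature
FROM event e
LEFT JOIN sensor s    ON s.sid = e.sid
LEFT JOIN signature g ON g.sig_id = e.signature
"""

def orphan_report(conn):
    """Return counts of events lacking a sensor or signature row."""
    total, no_sensor, no_sig = conn.execute(ORPHAN_QUERY).fetchone()
    # SUM() yields NULL on an empty event table, so fall back to 0.
    return {"events": total, "no_sensor": no_sensor or 0,
            "no_signature": no_sig or 0}

def build_sample(populate_lookup_tables):
    """Build an in-memory database with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO event VALUES (?,?,?,?)", [
        (1, 1, 10, "2009-04-10 12:00:01"),
        (1, 2, 10, "2009-04-10 12:00:05"),
        (1, 3, 11, "2009-04-10 12:00:09"),
    ])
    if populate_lookup_tables:
        # Sensor 1 and signature 10 exist; signature 11 is still missing.
        conn.execute("INSERT INTO sensor VALUES (1, 'sensor-a')")
        conn.execute("INSERT INTO signature VALUES (10, 'constructed sig A')")
    return conn

if __name__ == "__main__":
    print("lookup tables empty:", orphan_report(build_sample(False)))
    print("partly populated:   ", orphan_report(build_sample(True)))
```

The query text uses only LEFT JOIN, COUNT and SUM over a boolean expression, which MySQL also accepts. A non-zero no_sensor or no_signature count matches the behaviour reported in the post.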