[Snort-users] v2.8.4 incorrect logging to MySQL
cummingsj at ...11827...
Fri Apr 10 16:14:02 EDT 2009
Use barnyard... or another utility like snort-unified-perl to read
snort unifiedx output and send to mysql... That would be the correct
way to do it.
Sent from the iRoad
On Apr 10, 2009, at 9:52 AM, "Danny Paul" <JDPAUL at ...14549...> wrote:
> It appears that version 2.8.4 does not properly log to mysql. I have
> the following line in my config file (***** = redacted):
> output database: log, mysql, user=***** password=***** dbname=snortdb host=localhost sensor_name=***** encoding=hex
> The tables are empty when snort is started.
> When I start snort, it does start making entries into the event,
> tcphdr, iphdr, and data tables. However, it never makes an entry for
> itself in the sensor table and never inserts anything into the
> signature table. That means that there is no way to correlate events
> to the sensor that generated them or the signature triggering the
> alert. I logged all MySQL queries to confirm this behavior. Snort
> will query the sensor and signature tables but never inserts. What
> could be the cause of this?
> OpenSuSE 11.1
> Snort 2.8.4
> Mysql 5.0.67
> Phil Wood's libpcap ver:0.9.8.20081128
> Snort compiled from source using configuration directives:
> Danny Paul
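Added example, not part of the thread: one way to confirm the symptom described in the original report, events written without the sensor and signature rows they reference. It runs against an in-memory SQLite database with a reduced, constructed schema; the assumption is that `event.sid` refers to `sensor.sid` and `event.signature` refers to `signature.sig_id`, so check the column names against your own schema before running the query on MySQL.

```python
import sqlite3

# Reduced, constructed stand-in for the Snort database schema (assumption:
# event.sid references sensor.sid, event.signature references signature.sig_id).
SCHEMA = """
CREATE TABLE sensor    (sid INTEGER PRIMARY KEY, hostname TEXT);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event     (sid INTEGER, cid INTEGER, signature INTEGER,
                        timestamp TEXT, PRIMARY KEY (sid, cid));
"""

# Events whose sensor or signature reference points at a missing row.
ORPHAN_QUERY = """
SELECT e.sid, e.cid,
       s.sid IS NULL    AS missing_sensor,
       g.sig_id IS NULL AS missing_signature
FROM event e
LEFT JOIN sensor s    ON s.sid = e.sid
LEFT JOIN signature g ON g.sig_id = e.signature
WHERE s.sid IS NULL OR g.sig_id IS NULL
ORDER BY e.sid, e.cid
"""

def find_orphaned_events(conn):
    """Return (sid, cid, missing_sensor, missing_signature) per broken event."""
    return [(sid, cid, bool(ms), bool(mg))
            for sid, cid, ms, mg in conn.execute(ORPHAN_QUERY)]

def build_sample_db():
    """Constructed sample data: one healthy event, three broken ones."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO sensor VALUES (1, 'sensor-a')")
    conn.execute("INSERT INTO signature VALUES (10, 'constructed rule')")
    conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", [
        (1, 1, 10, "2009-04-10 09:00:00"),  # healthy
        (1, 2, 99, "2009-04-10 09:00:01"),  # signature row missing
        (2, 1, 10, "2009-04-10 09:00:02"),  # sensor row missing
        (2, 2, 99, "2009-04-10 09:00:03"),  # both rows missing
    ])
    return conn

if __name__ == "__main__":
    for row in find_orphaned_events(build_sample_db()):
        print(row)
```

A non-empty result on a production database means alerts are being stored that cannot be tied back to a sensor or rule, which is worth alerting on in its own right.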