[Snort-users] v2.8.4 incorrect logging to MySQL

Danny Paul JDPAUL at ...14549...
Sat Apr 11 13:11:33 EDT 2009


Well, like I said - it's writing to the events table, but it's not writing to the sensors or signatures table.  Of course if those tables were already populated (in an upgrade situation, for example) that would not be a big issue until new signatures came out or new sensors came online. In my case I was doing a test install before upgrade and noticed that the new version no longer would populate those two tables.

Can anyone else duplicate this? Obviously you'd have to start with an empty database. :-)



>>> On 4/11/2009 at 11:51 AM, in message
<665172f40904110951j23451026q7f98769d5b98f49a at ...11828...>,
<rsreese at ...11827...> wrote:
> On Sat, Apr 11, 2009 at 11:37 AM, Danny Paul <JDPAUL at ...14548...> wrote:
>> I don't really *need* to use barnyard - snort thus far has not had a problem 
> keeping up with the traffic while writing logs directly to MySQL. We're 
> talking about a pretty low speed link, really. As far as what's correct, 
> writing its log to MySQL is supported, is it not?
> 
> I haven't seen a problem writing data to MySQL from Snort and I'm
> writing directly to MySQL from Snort.
> 
> $ mysql -uroot -pblah -D snort -e "select count(*) from event"
> +----------+
> | count(*) |
> +----------+
> |       55 |
> +----------+
> 
> I have had trouble getting my Base setup working correctly but it's
> probably just me :-o.
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> High Quality Requirements in a Collaborative Environment.
> Download a free trial of Rational Requirements Composer Now!
> http://p.sf.net/sfu/www-ibm-com 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net 
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users 
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


** Virus scanned by City of Columbia MO Email Firewall **




More information about the Snort-users mailing list