[Snort-users] I wanna log packets to database of which the ip_src is my own pc, but failed.

Kinka xcst at ...15456...
Sun Dec 11 19:56:43 EST 2011


I wanna log packets to database of which the ip_src is my own PC, but failed.
I'm using Snort in Win7.
We know that using Snort in its sniffer mode we can log a lot of packets
into a file, and now I want to log them to a MySQL server. I enabled
the database output plugin in the snort.conf and customized a rule: log
icmp any any <> any any (sid:1;) as a test. Everything is OK and I used
a PC whose IP is 172.18.186.186 to ping another, 172.18.186.189. What I
hope to get is 8 records, among which there would be 4 records whose
ip_src is 172.18.186.186. However, I just got 4 records, and
their ip_dst are 172.18.186.186 while the ip_src are 172.18.186.186.
OK, that's my problem. How can I get the 8 records I want to see? Could
it be possible?
Thanks in advance.