[Snort-users] snort unable to log alert to database mysql

Y M snort at ...15979...
Sun Dec 2 11:32:25 EST 2012


If you want to check that snort is capturing packets, you can use the -A console switch when running snort; this way each alert triggered will be displayed on the console instead of being logged to a file.
So your command may look like
/usr/snort/bin/snort -c /usr/snort/etc/snort.conf -i ethX -A console

Where X is the interface on your box: eth0, eth1, or whatever it's called.

You can enable the protocol-icmp rules and test with pings.

YM
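The check described above (run snort with -A console, enable an ICMP rule, ping across the sniffing interface and watch for the rule firing), as an added shell example that is not part of this thread or of the Snort project: it writes a test rule, assembles the command line from the mail, and counts and filters the console alert lines. The rules path, interface name, SID 1000001 and the sample console output are assumptions; the sample lines are constructed in the fast-alert format -A console prints.

```shell
#!/bin/sh
# Added example (not from the original thread). Verifies that Snort 2.9.x
# actually sees traffic, following the -A console + ICMP-rule suggestion.
# The paths, interface name, SID 1000001 and the sample output are assumed.

# 1. Minimal ICMP echo-request rule for local.rules: fires on every ping
#    crossing the sniffing interface (itype:8 = echo request).
write_icmp_test_rule() {
    rules_file="$1"
    printf '%s\n' \
        'alert icmp any any -> any any (msg:"ICMP echo request test"; itype:8; sid:1000001; rev:1;)' \
        >> "$rules_file"
}

# 2. The command line from the mail, alerts to the console instead of a file.
snort_console_cmd() {
    iface="$1"
    conf="$2"
    printf '/usr/snort/bin/snort -c %s -i %s -A console\n' "$conf" "$iface"
}

# 3. Count the console ("fast" format) alert lines for one SID on stdin.
#    Every -A console line carries the rule id as [gid:sid:rev].
count_console_alerts() {
    sid="$1"
    grep -c "\[1:${sid}:[0-9]*\]" || true   # grep -c exits 1 on zero matches
}

# 4. Distinct source IPs that triggered a SID, to confirm the alerts come
#    from the box you are pinging or scanning from.
alert_sources() {
    sid="$1"
    grep "\[1:${sid}:[0-9]*\]" \
        | sed 's/.*{[A-Z]*} \([0-9.]*\) -> .*/\1/' \
        | sort -u
}

# Constructed sample of what -A console prints: two pings from 192.168.1.50
# matching SID 1000001, plus one line from a hypothetical second rule.
SAMPLE_CONSOLE_OUTPUT='12/02-18:47:01.123456  [**] [1:1000001:1] ICMP echo request test [**] [Priority: 0] {ICMP} 192.168.1.50 -> 192.168.1.1
12/02-18:47:02.123456  [**] [1:1000001:1] ICMP echo request test [**] [Priority: 0] {ICMP} 192.168.1.50 -> 192.168.1.1
12/02-18:47:05.654321  [**] [1:1000002:1] ICMP echo reply test [**] [Priority: 0] {ICMP} 192.168.1.1 -> 192.168.1.50'

# Stand-alone demo: sh check_snort_sees_traffic.sh demo
if [ "${1:-}" = "demo" ]; then
    echo "Run: $(snort_console_cmd eth1 /usr/snort/etc/snort.conf)"
    echo "Then ping a LAN host from another box and feed the console output to:"
    printf '%s\n' "$SAMPLE_CONSOLE_OUTPUT" \
        | count_console_alerts 1000001   # prints 2 for the sample
    printf '%s\n' "$SAMPLE_CONSOLE_OUTPUT" \
        | alert_sources 1000001          # prints 192.168.1.50
fi
```

In practice you run the printed snort command in one terminal, tee its output to a file, ping from a second host, and pipe that file through count_console_alerts with the SID of your test rule; a count of 0 with pings visible in tcpdump on the same interface points at the rule not being included or the interface not being the one snort was started on.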
________________________________
From: TermVRL M
Sent: 12/2/2012 6:47 PM
To: Y M
Subject: Re: [Snort-users] snort unable to log alert to database mysql

For your info,
I managed to use tcpdump to check that my network card can sniff LAN packets.
My eth1, which is the sniffing interface, can "see" traffic from my LAN.
I assume that I configured the NIC correctly.

I also checked the location of the snort rules.
All are configured correctly in my snort.conf.

Let's say I use nmap and try to generate some traffic; how do I know
that snort managed to see the traffic?


On Sun, Dec 2, 2012 at 10:23 PM, Y M <snort at ...15979...> wrote:

>  Based on your snort version, I would suggest using barnyard2, as
> snort's database plugin is not supported anymore.
>
> Is your snort installed correctly? That's a tricky question. Getting
> "Commencing packet processing" means snort is running fine, but it doesn't
> mean you should stop there. You need to configure your rules, make sure that
> snort is seeing traffic, and that you have got an output mechanism(s) you
> are comfortable with, e.g. database, unified2, syslog, etc., and the GUI you
> will use to start analyzing alerts.
>
> YM
>  ------------------------------
> From: TermVRL M
> Sent: 12/2/2012 5:08 PM
> To: Y M
> Subject: Re: [Snort-users] snort unable to log alert to database mysql
>
>
> I am using snort version 2.9.3.
> One more question: if I am able to get the "Commencing packet processing"
> message, is my installation correct?
>
> thanks.
>
> On Sun, Dec 2, 2012 at 9:57 PM, Y M <snort at ...15979...> wrote:
>
>  Which version of snort are you using?
>
> To the best of my knowledge, snort's own database output plugin is deprecated
> since 2.9.3.x.
>
> In that case, you will have to use barnyard2 to get alerts into the
> database.
>
> YM
>  ------------------------------
> From: TermVRL M
> Sent: 12/2/2012 4:42 PM
> To: Snort User (snort-users at lists.sourceforge.net);
> snort-users-request at lists.sourceforge.net
> Subject: [Snort-users] snort unable to log alert to database mysql
>
>
> Hi all,
>
> I get this error when trying to log snort output to the database:
>
> ERROR: /usr/local/snort/etc/snort.conf(535) Unknown output plugin:
> "database"
>
>
>
>
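The fix the quoted exchange points at (remove the `output database` line that Snort 2.9.3 no longer understands, write unified2 instead, and let barnyard2 do the MySQL insert), as an added shell preflight check that is not part of this thread or of the Snort or barnyard2 projects: it flags active `output database` lines in a snort.conf using the same file(line) form snort prints in its error, confirms a unified2 output exists, and prints the barnyard2 invocation. The config paths, the barnyard2.conf location, the spool directory and the two sample configs are assumptions; the samples are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread). Preflight check for the error
# reported above: Snort 2.9.3 has no "output database" plugin, so snort.conf
# must write unified2 and barnyard2 does the MySQL insert. Paths, the
# barnyard2 config location and the sample configs below are assumptions.

# Print every active "output database" line as file(line), the form snort
# itself uses in "ERROR: snort.conf(535) Unknown output plugin". Returns 0
# when at least one was found, 1 when the config is clean.
find_deprecated_db_output() {
    conf="$1"
    n=0
    found=1
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        trimmed=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//')
        case "$trimmed" in
            output*database*)   # commented-out lines start with '#' and skip
                printf '%s(%d) uses the removed database plugin: %s\n' "$conf" "$n" "$trimmed"
                found=0 ;;
        esac
    done < "$conf"
    return "$found"
}

# True when snort.conf has an active unified2 output for barnyard2 to read.
has_unified2_output() {
    grep -q '^[[:space:]]*output[[:space:]]*unified2' "$1"
}

# The barnyard2 side: -d spool directory, -f unified2 base filename,
# -w waldo bookmark so restarts resume where they left off. The old
# "output database: log, mysql, user=... password=... dbname=... host=..."
# line then lives in barnyard2.conf (assumed at /usr/snort/etc), not snort.conf.
barnyard2_cmd() {
    logdir="$1"
    printf 'barnyard2 -c /usr/snort/etc/barnyard2.conf -d %s -f snort.u2 -w %s/barnyard2.waldo\n' \
        "$logdir" "$logdir"
}

# Constructed sample configs: the failing layout and the corrected one.
write_sample_conf() {
    target="$1"
    case "$2" in
        broken) cat > "$target" <<'EOF'
# constructed sample: pre-2.9.3 layout, gives "Unknown output plugin: database"
var RULE_PATH /usr/snort/etc/rules
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
include $RULE_PATH/local.rules
EOF
        ;;
        fixed) cat > "$target" <<'EOF'
# constructed sample: snort writes unified2, barnyard2 loads it into MySQL
var RULE_PATH /usr/snort/etc/rules
# output database: ...   (removed; the plugin no longer exists in 2.9.3)
output unified2: filename snort.u2, limit 128
include $RULE_PATH/local.rules
EOF
        ;;
    esac
}

# Stand-alone use against a real config: sh check_output_plugins.sh /usr/snort/etc/snort.conf
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    find_deprecated_db_output "$1" && echo "-> move that line to barnyard2.conf"
    has_unified2_output "$1" || echo "$1: no 'output unified2' line; barnyard2 will have nothing to read"
    echo "Run after snort: $(barnyard2_cmd /var/log/snort)"
fi
```

The limit value in `output unified2: filename snort.u2, limit 128` is the per-file size in MB before snort rolls to a new spool file; barnyard2 follows the rollover via the waldo file, so the waldo path must be writable by the user barnyard2 runs as.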