[Snort-users] snort unable to log alert to database mysql
snort at ...15979...
Sun Dec 2 11:32:25 EST 2012
If you want to check snort is capturing packets you can use the -A console switch when running snort; this way each alert triggered will be displayed on the console instead of being logged into a file.
So your command may look like
/usr/snort/bin/snort -c /usr/snort/etc/snort.conf -i ethX -A console
Where X is the interface on your box, eth0, eth1, or whatever it's called.
You can enable protocol-icmp rules and test with pings.
From: TermVRL M
Sent: 12/2/2012 6:47 PM
To: Y M
Subject: Re: [Snort-users] snort unable to log alert to database mysql
For your info,
I managed to use tcpdump to check that my network card can sniff LAN packets.
My eth1, which is the sniffing interface, can "see" traffic from my LAN.
I assume that I configured the NIC correctly.
I also checked the location of the snort rules.
All are configured correctly in my snort.conf.
Let's say I use nmap and try to generate some traffic; how do I know
that snort manages to see the traffic?
On Sun, Dec 2, 2012 at 10:23 PM, Y M <snort at ...15979...> wrote:
> Based on your snort's version then I would suggest using barnyard2 as
> the snort's database plugin is not supported anymore.
> Is your snort installed correctly? That's a tricky question. Getting
> "Commencing packet processing" means snort is running fine but it doesn't
> mean you should stop there. You need to configure your rules, make sure that
> snort is seeing traffic, and that you have got an output mechanism(s) you
> are comfortable with i.e.: database, unified2, syslog, etc, and the GUI you
> will use to start analyzing alerts.
> From: TermVRL M
> Sent: 12/2/2012 5:08 PM
> To: Y M
> Subject: Re: [Snort-users] snort unable to log alert to database mysql
> I am using snort version 2.9.3.
> One more question: if I'm able to get the "Commencing packet processing"
> message, is my installation correct?
> On Sun, Dec 2, 2012 at 9:57 PM, Y M <snort at ...15979...> wrote:
> Which version of snort are you using?
> To the best of my knowledge, snort's own database output plugin is deprecated
> since 2.9.3.x.
> In that case, you will have to use barnyard2 to get alerts into the
> From: TermVRL M
> Sent: 12/2/2012 4:42 PM
> To: Snort User (snort-users at lists.sourceforge.net);
> snort-users-request at lists.sourceforge.net
> Subject: [Snort-users] snort unable to log alert to database mysql
> Hi all,
> I get this error when I try to log snort output to the database..
> ERROR: /usr/local/snort/etc/snort.conf(535) Unknown output plugin:
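Added example, not part of the original thread or of the snort project: a small shell check for the situation discussed above, where an active "output database" line in snort.conf stops snort from starting and the replies recommend unified2 output read by barnyard2 instead. The sample config, the function names and the CHANGEME password are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit the active "output" lines in a snort.conf.

# Write a constructed sample config to the path given as $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
# output unified2: filename merged.log, limit 128
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
include $RULE_PATH/icmp.rules
EOF
}

# Print "<line>:<plugin>" for every uncommented output directive in $1.
list_outputs() {
    awk '
        /^[ \t]*#/ { next }            # skip commented-out lines
        /^[ \t]*output[ \t]+/ {
            plugin = $2
            sub(/:.*/, "", plugin)     # "database:" becomes "database"
            print NR ":" plugin
        }
    ' "$1"
}

# Return 0 when no database output is active and a unified2 output exists;
# otherwise print each finding in the file(line) style snort uses and return 1.
audit_outputs() {
    conf=$1
    status=0
    outputs=$(list_outputs "$conf")
    for entry in $outputs; do
        case $entry in
            *:database)
                echo "$conf(${entry%%:*}): active 'output database' directive"
                status=1 ;;
        esac
    done
    if ! printf '%s\n' "$outputs" | grep -Eq ':(alert_|log_)?unified2$'; then
        echo "$conf: no active unified2 output for barnyard2 to read"
        status=1
    fi
    return "$status"
}

# Stand-alone use: sh audit.sh /path/to/snort.conf
if [ -n "${1:-}" ]; then audit_outputs "$1"; fi
```

Once the audit passes, the -A console run suggested in the first reply is still the quickest way to confirm that rules actually fire on the sniffing interface.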