RE: Access denied for user: '@192.168.0.1' -SNORT-


Thu Nov 23 16:36:19 EST 2017


From my quick look over what you provided, everything does seem to look ok
(I presume that you removed the 'password=' parameter for your MySQL
database or maybe you don't have a password...).

However, I notice that in your snort.conf you do not have the alert facility
activated.  I don't think Snort uses a default alert facility (I could be
*very* wrong), so I would add an 'output alert_fast: ...' statement to
snort.conf.  

After you do this and restart Snort, try scanning your network from the
outside using NMAP or some other tool.  If Snort is working correctly, you
should get alert messages logged to the file you specify in the alert_fast
plugin.  

- Christopher 


-----Original Message-----
[...snip]
## Output Modules
## --------------
output database: log, mysql, dbname=snort user=sensor1 host=192.168.0.69 port=3306 sensor_name=Sensor1 detail=full
[snip...]
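
The two points raised in the reply above, as an added example that is not part of the original message or of Snort itself: a small Python audit of the `output` directives in a snort.conf. The sample config is constructed from the snippet quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the output section quoted in the thread,
# written with a backslash continuation as snort.conf allows.
SAMPLE_CONF = """\
## Output Modules
## --------------
output database: log, mysql, dbname=snort user=sensor1 host=192.168.0.69 \\
    port=3306 sensor_name=Sensor1 detail=full
"""

def parse_outputs(conf_text):
    """Return [(plugin, args)] for every active 'output' directive."""
    # Join backslash-continued lines first, then drop comments and blanks.
    joined = re.sub(r"\\\r?\n", " ", conf_text)
    outputs = []
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"output\s+(\w+)\s*(?::\s*(.*))?$", line)
        if m:
            outputs.append((m.group(1), (m.group(2) or "").strip()))
    return outputs

def audit_outputs(conf_text):
    """Flag a missing alert_* plugin and database outputs without password=."""
    findings = []
    outputs = parse_outputs(conf_text)
    if not any(plugin.startswith("alert_") for plugin, _ in outputs):
        findings.append("no alert_* output plugin configured")
    for plugin, args in outputs:
        if plugin != "database":
            continue
        # Argument layout: <log|alert>, <db type>, key=value key=value ...
        parts = [p.strip() for p in args.split(",", 2)]
        params = dict(kv.split("=", 1) for kv in parts[-1].split() if "=" in kv)
        if "password" not in params:
            user = params.get("user", "?")
            findings.append(f"database output for user '{user}' has no password= parameter")
    return findings

if __name__ == "__main__":
    for finding in audit_outputs(SAMPLE_CONF):
        print("WARN:", finding)
```
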

