<html>

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">


<meta name=Generator content="Microsoft Word 10 (filtered)">

<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Garamond;
        panose-1:2 2 4 4 3 3 1 1 8 3;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {margin-right:0in;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.emailstyle17
        {font-family:Garamond;
        color:windowtext;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;}
span.EmailStyle18
        {font-family:Arial;
        color:navy;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Jacob,</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>My documentation had a leftover from the
1.8.x days. You can remove the ‘output database log….’ line.</span></font></p>

<div>

<p><font size=2 color=navy face="Times New Roman"><span style='font-size:10.0pt;
color:navy'>The ‘output database alert …’ will do both, log
and alert.</span></font></p>

<p><font size=2 color=navy face="Times New Roman"><span style='font-size:10.0pt;
color:navy'>I’m not real sure but I think you have to remove the -A fast.</span></font></p>

<p><font size=2 color=navy face="Times New Roman"><span style='font-size:10.0pt;
color:navy'> -Michael<br>
--<br>
 </span></font><font size=2 color=navy><span style='font-size:10.0pt;
 color:navy'>Michael Steele</span></font><font size=2 color=navy><span
style='font-size:10.0pt;color:navy'> | System Engineer / Support Technician<br>
 <a href="mailto:michaels@...155...">mailto:michaels@...155...</a><br>
 Silicon Defense: IDS solutions - <a href="http://www.silicondefense.com">http://www.silicondefense.com</a><br>
 Snort: Open Source Network IDS - <a href="http://www.snort.org">http://www.snort.org</a></span></font></p>

</div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b>
snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] <b><span style='font-weight:
bold'>On Behalf Of </span></b></span></font><font size=2 face=Tahoma><span
 style='font-size:10.0pt;font-family:Tahoma'>Snow Jacob C KPWA</span></font><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><br>
<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, April 23, 2003
10:48 AM<br>
<b><span style='font-weight:bold'>To:</span></b> '</span></font><font size=2
 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>snort-users@lists.sourceforge.net</span></font><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>'; '</span></font><font
 size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Michael
 Steele</span></font><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma'>'<br>
<b><span style='font-weight:bold'>Subject:</span></b> [Snort-users] Question
about Snort/ACID/MySQL and how they play together</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'>Just a curious question when you
have:</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in;text-indent:.5in'><font size=2
face=Garamond><span style='font-size:11.0pt;font-family:Garamond'>output
database: log, mysql, user=snort1 password=test_snort dbname=snort
host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1</span></font></p>

<p class=MsoNormal style='margin-left:.5in;text-indent:.5in'><font size=2
face=Garamond><span style='font-size:11.0pt;font-family:Garamond'>output
database: alert, mysql, user=snort1 password=test_snort dbname=snort
host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'>in the snort.conf file will you
get alerts in the log file as well?</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'>I have installed the service
with:</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in;text-indent:.5in'><font size=2
face=Garamond><span style='font-size:11.0pt;font-family:Garamond'>snort
/service /install -o -A fast -l d:/applications/snort/log -c
d:/applications/snort/etc/snort.conf -d -i3</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'>when I run this from the command
prompt (minus the /service and /install and with the output line removed in
snort.conf) it works well and gives me alerts and all is well with the world,
but when I add the output lines back in hoping to get it to log the alerts to a
database, I get no alerts in the database, but I do get them in the log
folder.  I have checked to make sure I am getting a connection to the
database with: telnet &lt;database comp name&gt; 3306 and get the funny line of
characters and such (aka doesn't puke).  </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'>I am wondering why none of my
alerts are going to the database, but are instead going to the log
folder?  Anyone have any ideas or do you need more information or
anything.</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Garamond><span
style='font-size:11.0pt;font-family:Garamond'> </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Times New Roman"><span
style='font-size:10.0pt'>Thank you,</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Times New Roman"><span
style='font-size:10.0pt'>Jacob Snow</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Times New Roman"><span
style='font-size:10.0pt'><a href="mailto:jacobsc@...160...">jacobsc@...979...160...</a></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Times New Roman"><span
style='font-size:10.0pt'>(360)315-3487</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Times New Roman"><span
style='font-size:10.0pt'>NAVSEA Intern</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> </span></font></p>
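
<p class=MsoNormal>The two things the reply above says to look at, an 'output database: log' line sitting next to an 'alert' line for the same database and -A on the command line while database output is configured, written as a small checker. This is an added example, not part of the original thread or of Snort; the function names, the finding labels and the 192.0.2.x addresses are assumptions made for illustration.</p>

<pre>
```python
import re

# Constructed sample modelled on the thread; 192.0.2.10 stands in for the masked host.
SAMPLE_CONF = """\
# output database: log, mysql, user=old dbname=old host=192.0.2.9
output database: log, mysql, user=snort1 password=test_snort dbname=snort host=192.0.2.10 port=3306 sensor_name=slave1
output database: alert, mysql, user=snort1 password=test_snort dbname=snort host=192.0.2.10 port=3306 sensor_name=slave1
"""
SAMPLE_CMD = ("snort /service /install -o -A fast -l d:/applications/snort/log "
              "-c d:/applications/snort/etc/snort.conf -d -i3")
OUTPUT_DB = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")

def parse_db_outputs(conf_text):
    """Return one dict per active 'output database:' line; comments are skipped."""
    outputs = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = OUTPUT_DB.match(line)
        if m:
            params = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
            params.pop("password", None)  # keep the credential out of any report
            outputs.append({"line": lineno, "facility": m.group(1).lower(),
                            "dbtype": m.group(2).lower(), "params": params})
    return outputs

def alert_mode(cmdline):
    """Return the mode given to -A ('-A fast' or '-Afast'), or None if absent."""
    args = cmdline.split()
    for arg, nxt in zip(args, args[1:] + [None]):
        if arg == "-A":
            return nxt
        if arg.startswith("-A"):
            return arg[2:]
    return None

def check(conf_text, cmdline):
    """Flag the two conditions the reply in this thread points at."""
    findings = []
    targets = {}
    for out in parse_db_outputs(conf_text):
        key = (out["dbtype"], tuple(sorted(out["params"].items())))
        targets.setdefault(key, []).append(out)
    for group in targets.values():
        if {o["facility"] for o in group} == {"log", "alert"}:
            lines = [o["line"] for o in group if o["facility"] == "log"]
            findings.append(("log-and-alert-same-db", lines))
    mode = alert_mode(cmdline)
    if mode is not None and targets:
        findings.append(("cmdline-alert-mode-with-db-output", mode))
    return findings
```
</pre>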

</div>

</body>

</html>