Snort mailing list archives
RE: Snort+database HOWTO???
From: Peter Bates <Peter.Bates () lshtm ac uk>
Date: Mon, 09 Jul 2001 17:17:39 +0100
Hello again all...

User error, I suspect, caused my problems... I fiddled with so many things that I don't really know what I changed!

First of all postgres (postmaster) wasn't starting with the -i option, and so was only opening a Unix domain socket... I presume, following that, that the snort db plugin explicitly uses TCP/IP sockets.

I also might have had ipchains/iptables on the box filtering out the accesses (but that seems unlikely), but the real show-stopper was my strange combination of logging and command-line switches...

For historical reasons, I've been logging to syslog (to watch, and to use snort-stat), to /var/log/snort (to contribute to the securityfocus ARIS project), and I was now trying to have a quick look at ACID to then remove one of the other logging forms...

I was starting snort with:

    snort -u snort -g snort -de -D -o -i ethx -N -l /var/log/snort -c /etc/snort.conf

and the -N was making the merry thing segfault.

Then in snort.conf I had:

    output alert_syslog: LOG_AUTH LOG_ALERT
    output alert_full: alert
    output database: log, postgresql, etc. etc. etc.

A case of 'too many command-line options and outputs spoil the snort'.

--------------------------------------------------------------------
Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone: 0207-927 2124 / Fax: 0207-436 5389 / Pager: 07625 255362
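An added example, not part of the original message and not code from the Snort or PostgreSQL projects: a shell preflight for the first cause the message names, a database output in snort.conf while the postmaster was started without -i. It follows the poster's presumption that the db plugin connects over TCP/IP; the function names are hypothetical, the option-letter list is assumed from the PostgreSQL 7.x postmaster usage, and the sample config is constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample data is constructed.

# Succeeds if a postmaster argument list (without argv[0]) contains the -i flag.
postmaster_tcp_enabled() {
    OPTIND=1
    # Letters followed by ':' take a value, so a value such as the "-i" in
    # -o "-i" is not mistaken for the flag. Option list assumed from the
    # PostgreSQL 7.x postmaster usage text.
    while getopts ":A:B:c:d:D:Fh:ik:lN:no:p:Ss" opt "$@"; do
        [ "$opt" = i ] && return 0
    done
    return 1
}

# Prints the output plugin names from a snort.conf on stdin, one per line.
# Commented-out lines do not match because "output" must start the line.
snort_outputs() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}\([A-Za-z_]*\).*/\1/p'
}

# Usage: preflight POSTMASTER_ARGS... < snort.conf
# Returns 1 with a finding when a database output is configured but the
# postmaster arguments do not enable TCP/IP; returns 0 otherwise.
preflight() {
    if snort_outputs | grep -qx database; then
        if ! postmaster_tcp_enabled "$@"; then
            echo "FINDING: output database configured, postmaster started without -i"
            return 1
        fi
    fi
    return 0
}

# Constructed sample config (database parameters are placeholders).
SAMPLE_CONF='# constructed sample
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_full: alert
output database: log, postgresql, dbname=snort_sample'

# Demo: list the active outputs, then check two constructed postmaster command lines.
printf '%s\n' "$SAMPLE_CONF" | snort_outputs
printf '%s\n' "$SAMPLE_CONF" | preflight -p 5432 -D /var/lib/pgsql/data || true
printf '%s\n' "$SAMPLE_CONF" | preflight -i -D /var/lib/pgsql/data && echo "OK"
```

On a live host the postmaster arguments would come from the process list and the config from /etc/snort.conf on stdin.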