Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Help needed -- trying to log to a mysql database

From: Erek Adams <erek () theadamsfamily net>
Date: Sat, 8 Sep 2001 09:14:41 -0700 (PDT)
On Sat, 8 Sep 2001, Peter Borner wrote:


I'm new to SNORT.


Welcome to our world... :)


I've been struggling all day to get SNORT to run as a
daemon and log to a MySql Database. I have diligent followed the
instructions in the various README and INSTALL files (not diligently
enough I hear you say!)


Do we ever? :)


I have successfully installed SNORT and MySql on
my Linux box and followed the instructions to create the database,
tables, users, etc., but when I try to start SNORT I get an error asking
me to check the spelling of "mysql" in the snort.conf file and, if
necessary to reconfigure, recompile and reinstall snort. I have
reconfigured with "-with-mysql" and run make; make install again without
error (and the config.log shows no errors against "Checking for MySql").
However, I still get the error when trying to start SNORT.


Lets take it one thing at a time:

        snort.conf:  Output from " cat /path/to/snort.conf | grep -v ^# | grep
-v ^$ " (sanitized of course! :)
        snort.conf:  If you comment out the mysql ouput plugin, can you get
snort to start?  Will it log any packets or alerts?
        snort:  snort -V says?  And it better not say "Mooo..."
        snort:  Command line to start snort?
        daemon:  Can you run it in foreground?  IOW, are you using the -D
option?  Or are you using something like daemontools?  Try it in foreground
with and without the output database plugin in the snort.conf and see what
happens.

Those aren't in any real order...  Just sorta a mishmash of things to look at.


If anyone can help me I'd be eternally grateful.


Great!  I'll take a fresh pot of coffee please.  ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: