Snort mailing list archives
Re: mysql logging trouble
From: roman () danyliw com
Date: Fri, 12 Oct 2001 13:29:37 US/Eastern
The portscan pre-processor only outputs to the alert facility. Modify the database configuration to use alert instead of log:

output database: alert, mysql, user=user dbname=snort host=localhost

Roman

On Fri, 12 Oct 2001, Frontgate Lab wrote:
Hiya.. I'm asking this again in a separate email so that topics don't get confused:

How do I figure out why the snort alerts are not getting into my mysql database even when I have the following line in the snort.conf?

# database: log to a variety of databases
# See the README.database file for more information about configuring
output database: log, mysql, user=user dbname=snort host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, unixodbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# as databases or the network can now be avoided.
# and a mysql database.
# output database: log, mysql, user=snort dbname=snort host=localhost

When I do a process listing in mysql it seems that snort is no longer logged in from localhost after some time elapses.

Also has anyone figured out how to get portscans into the database?

I have the following setup on redhat 7.1:

[root@fglab /root]# snort -V
-*> Snort! <*-
Version 1.8.1-current (Build 79)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
[root@fglab /root]# rpm -q MySQL
MySQL-3.23.43-1
[root@fglab /root]# rpm -q MySQL-Max
MySQL-Max-3.23.43-1

ps ax | grep snort
4483 ? S 0:28 snort -D -s -c /etc/snort/snort.conf -l /var/log/snor
15562 pts/3 S 0:00 grep snort

Thank you :)
Madhav
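The mismatch Roman describes can be checked mechanically. The following is an added example, not part of the original thread or of Snort itself: it scans a snort.conf body for active `output database:` lines and warns when the portscan preprocessor is enabled but no database output uses the alert facility. The `preprocessor portscan:` line and both sample configs are constructed for illustration (the preprocessor arguments are assumed, Snort 1.8 style).

```python
import re

# Active "output database:" line; captures facility (log|alert) and DB type.
OUTPUT_DB = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)", re.I)
# Active portscan preprocessor line (will not match portscan-ignorehosts).
PORTSCAN = re.compile(r"^\s*preprocessor\s+portscan\s*:", re.I)


def check_portscan_db_logging(conf_text):
    """Return (facilities, portscan_enabled, warnings) for a snort.conf body."""
    facilities = []   # [(facility, dbtype), ...] taken from active lines only
    portscan = False
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are not in effect
        m = OUTPUT_DB.match(line)
        if m:
            facilities.append((m.group(1).lower(), m.group(2).lower()))
        elif PORTSCAN.match(line):
            portscan = True
    warnings = []
    # Per the reply above: portscan output goes to the alert facility only,
    # so a database plugin bound to "log" never receives it.
    if portscan and facilities and not any(f == "alert" for f, _ in facilities):
        warnings.append(
            "portscan preprocessor is enabled but no database output uses "
            "the alert facility; portscan events will not reach the database"
        )
    return facilities, portscan, warnings


# Constructed sample: the situation from the question (database bound to "log").
BEFORE = """\
preprocessor portscan: $HOME_NET 4 3 portscan.log
# output database: alert, postgresql, user=snort dbname=snort
output database: log, mysql, user=user dbname=snort host=localhost
"""
# Constructed sample: the same config after the change suggested in the reply.
AFTER = BEFORE.replace("output database: log, mysql",
                       "output database: alert, mysql")

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, check_portscan_db_logging(conf))
```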
Current thread:
- mysql logging trouble Frontgate Lab (Oct 12)
- <Possible follow-ups>
- Re: mysql logging trouble roman (Oct 12)