Snort mailing list archives
Not logging to mysql db - Help needed
From: Jeff Newton <Jeff_Newton () pmc-sierra com>
Date: Wed, 02 Jan 2002 14:16:43 -0800
I think I have everything set up correctly for logging to a mysql db but nothing is written to the db, only locally to /var/log/snort. I would appreciate any suggestions. Not sure how to troubleshoot this...

Here is the set up:

Recon - the sensor has the following installed:

snort-mysql+flexresp-1.8.3-5.i386.rpm
mysql-3.23.41-1.i386.rpm
mysqlclient9-3.23.22-6.i386.rpm
mysql-devel-3.23.41-1.i386.rpm

The output plugin for /etc/snort/snort.bastion.conf is

output database: log, mysql, user=snort password=XXXX dbname=snort host=pointman sensor_name=recon

Snort is called via:

/usr/sbin/snort -i eth1 -D -c /etc/snort/snort.bastion.conf -b -o -A fast -z est

Pointman - the mysql db host has the following installed:

mysql-3.23.41-1.i386.rpm
mysqlclient9-3.23.22-6.i386.rpm
mysql-devel-3.23.41-1.i386.rpm

The following (from the sensor) indicates the mysql db seems to be working:

# mysql -u snort -h pointman -p snort
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 3.23.41

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> status
--------------
mysql  Ver 11.15 Distrib 3.23.41, for redhat-linux-gnu (i386)

Connection id:          1
Current database:       snort
Current user:           snort@recon
Current pager:          stdout
Using outfile:          ''
Server version:         3.23.41
Protocol version:       10
Connection:             pointman via TCP/IP
Client characterset:    latin1
Server characterset:    latin1
TCP port:               3306
Uptime:                 28 sec

Threads: 1  Questions: 23  Slow queries: 0  Opens: 25  Flush tables: 1  Open tables: 19  Queries per second avg: 0.821
--------------

mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
19 rows in set (0.00 sec)

--
Jeff Newton