Snort mailing list archives

RE: Logging to Both Syslog and MySql

From: "Uhte, Russ" <RussU () RP-L com>
Date: Thu, 19 Sep 2002 14:47:26 -0500

Dave
What has to be done is to recompile the snort code ....  Or get a copy of
the recompiled Snort code that tells snort not to override other outputs
when starting with the -s switch...  And then start snort from the command
line with -s xxx.xxx.xxx.xxx:514  I might still have a copy of the
recompiled snort.exe lying around somewhere if you're interested.  However,
with the recompiled version, I couldn't start snort as a service, so I
choose not to use it!!
-Russ

-----Original Message-----
From: doswald () nexterna com [mailto:doswald () nexterna com] 
Sent: Thursday, September 19, 2002 11:46 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Logging to Both Syslog and MySql


I know this subject has been covered before..I have tried to do my homework
by searching the archives but I still don't seem to be able to find the
answer to this issue.

I am running the 1.8 version of snort on Windows 2000 server and I am
trying to log both to a remote MySQL database and a remote syslog server
with the following config in my snort.conf file

output alert_syslog: LOG_AUTH LOG_ALERT host=172.16.9.38

output database: log, mysql, user=snort password=snort dbname=snort
host=172.16.9.38 sensor_name=ids1

 I do get information in database but not my syslog server, what am I
missing ? Is this possible ?

Thanks for any help in advance

Dave




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
---
[This E-mail scanned for viruses by Declude Virus]


---
CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusive
and confidential use of the intended recipient. If you are not the intended
recipient, please do not read, distribute or take action in reliance upon
this message. If you have received this in error, please notify us
immediately by return email and promptly delete this message and its
attachments from your computer system.
---


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Logging to Both Syslog and MySql doswald (Sep 19)
- Re: Logging to Both Syslog and MySql twig les (Sep 19)
- <Possible follow-ups>
- RE: Logging to Both Syslog and MySql Uhte, Russ (Sep 19)