Snort mailing list archives

Re: Snort logging


From: Bamm Visscher <bamm () satx rr com>
Date: 30 Dec 2002 09:38:09 -0600

Try using 'alert' vice 'log' for inserting events into the DB (ie:
output database: alert, mysql,dbname=xxx user=xxx password=xxx
hostname=127.0.0.1) and then starting snort w/the -b option for binary
logging to /var/log/snort.

Bamm

On Mon, 2002-12-30 at 08:32, Sasa Jusic wrote:
Hi,

My name is Sasa and I have recently joined this mailing list, which I
find very interesting and useful.

I have some experience in running Snort, but I am still learning and testing
its capabilities. I think it is a great product, and that it is very useful
for network monitoring and intrusion detection.

Right now I'm using Snort 1.9.0 as an IDS system on our network, and it is
configured for MySQL database logging (output database: log, mysql,
dbname=xxx user=xxx password=xxx hostname=127.0.0.1). For data analysis and
system monitoring I am using Snortsnarf in combination with ACID, and it
works just fine.

But there is one thing bothering me, and I don't know where the problem is.
In my /var/log/snort dir there are no other logs except portscan.log and
alerts log files.

Snort logs its data to the MySQL database but there are no logs in
/var/log/snort.

I'm running Snort with the following arguments:

snort -de -h xxx.xxx.xxx.xxx -l /var/log/snort -c /etc/snort/snort.conf

In my conf file I just configured the MySQL output plugin, as stated before (I
can't see any other parameter in snort.conf which could influence this
problem).

I thought it would by default log normally to /var/log/snort, besides logging
to the MySQL database.

How can I configure Snort to log data to the MySQL database and the
/var/log/snort dir at the same time?

Thanks for help,

Sasa Jusic,
e-mail: sasa.jusic () zesoi fer hr
Laboratory for Systems and Signal, FER
Croatia

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Bamm Visscher <bamm () satx rr com>


