RE: Snort Logging on Linux but NOT to MYSQL on windows

["L. Christopher Luther" <CLuther () Xybernaut com>]

Usually when Snort has problems updating a MySQL database, you will see
errors displayed to Snort console window.  That is, unless Snort is running
in daemon mode.  

I am not familiar with the Snort/MySQL instructions posted on the SANS site.
However, I am wondering if you configured the Snort DB in MySQL to use
transactions, and if so, did you also disable MySQL's auto-commit
functionality?  

- Christopher 


-----Original Message-----
From: mike Hughes [mailto:mikehughes013 () hotmail com]
Sent: Wednesday, February 12, 2003 1:21 AM
To: snort-users () lists sourceforge net; erek () snort org;
CLuther () Xybernaut com
Subject: Snort Logging on Linux but NOT to MYSQL on windows


Hi..

Ok i have snort working and logging on my LINUX machine192.168.0.1. They are

alerts in /var/log/snort/alerts and portscan. I have it setup soo it is 
suppose to log to my windows machine192.168.0.69 running mysql. I have been 
using this as my reference:

http://www.sans.org/rr/intrusion/practical_guide.php

Im on the last step but the MYSQL on my windows machine is not logging 
anything.

I know that my Linux machine is connected to MYSQL on the windows machine 
becasue im using KERIO firewall and it shows the MYSQL connected to 
192.168.0.1 and transferring data but i cant see anything in the events.  I 
dont have a CLUE why or how to DEBUG this. Can someone help. If you need my 
/etc/snort.conf file it is posted here:

http://sourceforge.net/mailarchive/forum.php?thread_id=1638741&forum_id=3972

Any help on how to debug this problem and get mysql to start logging.



_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*   
http://join.msn.com/?page=features/junkmail