Snort mailing list archives

Re: RE: Snort Logging on Linux but NOT to MYSQL on windows

From: Erek Adams <erek () snort org>
Date: Thu, 13 Feb 2003 09:00:22 -0500 (EST)

On Thu, 13 Feb 2003, mike Hughes wrote:

hey this is with my fresh INSTALL: Here are the commands output: status and
variables: I know snort started properly on LINUX caseu i checked
/var/log/messages and it did connect to windows mahine cause i checked
netstat and my firewall says it connected esyablished 192.168.0.1 to
192.168.0.69 port 3306. Kerio says it reaceived 3016 bytes of data from
192.168.0.1 but nothng more: There are tables in the snort databse: Not sure
why its not logging


[...big snip...]

No idea.

Things to do:

        *  Ditch the firewall.  No matter what you think, turn it off
until you can get this resolved.  It could be causing all of your trouble.
        *  See if you can connect from the Linux box to the MySQL box as
the user you created for Snort (in MySQL).  That should tell you if you've
setup that right.

                mysql -u snort -h <mysql_ip> -p

        *  Then read the ACID and DB Install instructions [0].  I know you
have the guide from SANS, but it's not working for you.  The install
guides are good, and they tell you how to troubleshoot your problems.
        *  If that fails, check the docs [1] that Michael Steele has put
together about how to install ACID on a Win32 platform.  The docs are
clear and well laid out.

There's something simple that you didn't do, or did incorrectly.  There
are too many people out there using that same doc to install with.  Just
take it slow and don't rush.  It'll all work out.  As the Most Famous Book
In the Galaxy proclaims "Don't Panic!"

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.andrew.cmu.edu/~rdanyliw/snort/snortdb/snortdb.html
        http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html
[1]     http://www.silicondefense.com/techsupport/windows-acid.htm


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort Logging on Linux but NOT to MYSQL on windows mike Hughes (Feb 11)
- Re: Snort Logging on Linux but NOT to MYSQL on windows Erek Adams (Feb 12)
- RE: Snort Logging on Linux but NOT to MYSQL on windows Vicky Mair (Feb 12)
- <Possible follow-ups>
- RE: Snort Logging on Linux but NOT to MYSQL on windows L. Christopher Luther (Feb 12)
- RE: Snort Logging on Linux but NOT to MYSQL on windows mike Hughes (Feb 13)
  - Re: RE: Snort Logging on Linux but NOT to MYSQL on windows Erek Adams (Feb 13)
- RE: Snort Logging on Linux but NOT to MYSQL on windows L. Christopher Luther (Feb 13)