Snort mailing list archives

RE: snort 1.9.0 + redhat 8.0: no output to mysql when in daemon mode


From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Fri, 21 Mar 2003 13:41:37 -0500

Per the source code I've reviewed, only the '-A ...' command line parameter
would override (i.e., disable) any output plugins specified in snort.conf;
'-D' shouldn't touch the output plugins.  
 
Also, you don't want to use both 'alert' and 'log' at the same time to the
same MySQL database; you'll end up with lots of duplicate data. [0]  
 
- Christopher  
 [0] http://www.theadamsfamily.net/~erek/snort/logging_methods.txt

-----Original Message-----
From: Tom Van Overbeke [mailto:tvanoverbeke () ccncsi net]
Sent: Friday, March 21, 2003 11:34 AM
To: SnortUsers
Subject: [Snort-users] snort 1.9.0 + redhat 8.0: no output to mysql when in
daemon mode


Hi,
 
Snort refuses to write to mysql when it is started with the -A fast and the
-D options. I tried all possible combinations, and as soon as one of these 2
parameters is mentioned, it defaults to the logfile.
 
The -A I can do without, but I like to start all my daemons via the init.d
scripts, and if I leave out the -D, snort remains attached to the terminal,
which is not what a daemon should be doing.
 
Does anyone know how I can have the -D option present and still log to
database?
 
These are my snort.conf lines with respect to the output:
 
output database: log, mysql, user=snort password=snort dbname=snort host=127.0.0.1
output database: alert, mysql, user=snort password=snort dbname=snort host=127.0.0.1

 
Thanks,
 
Tom.
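
The two points raised in this thread, written as a small configuration check. This is an added example, not code from either poster or from the Snort project: it flags an -A option on the command line when snort.conf defines database output plugins, and flags alert and log facilities that write to the same database. The sample configuration and command line are constructed from the thread, and the -c path is an assumption.

```python
import re
import shlex

# Constructed sample input mirroring the thread: the snort.conf output lines
# and an init-script command line. The -c path is an assumption.
SAMPLE_CONF = """\
# constructed snort.conf excerpt
output database: log, mysql, user=snort password=snort dbname=snort host=127.0.0.1
output database: alert, mysql, user=snort password=snort dbname=snort host=127.0.0.1
"""
SAMPLE_CMDLINE = "snort -D -A fast -c /etc/snort/snort.conf"

# Commented-out lines never match because the line must start with 'output'.
OUTPUT_RE = re.compile(r"^\s*output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*,\s*(.*)$")

def parse_db_outputs(conf_text):
    """Return (facility, dbtype, params) for every 'output database:' line."""
    outputs = []
    for line in conf_text.splitlines():
        m = OUTPUT_RE.match(line)
        if m:
            params = dict(p.split("=", 1) for p in m.group(3).split() if "=" in p)
            outputs.append((m.group(1).lower(), m.group(2).lower(), params))
    return outputs

def lint(conf_text, cmdline):
    """Flag the two conditions described in the thread."""
    findings = []
    outputs = parse_db_outputs(conf_text)
    args = shlex.split(cmdline)
    # '-A <mode>' may be written as '-A fast' or '-Afast'; '-D' is not flagged.
    if outputs and any(a.startswith("-A") for a in args):
        findings.append("cmdline -A overrides output plugins in snort.conf")
    # Same database reached through both the alert and the log facility.
    seen = {}
    for facility, dbtype, params in outputs:
        target = (dbtype, params.get("host", ""), params.get("dbname", ""))
        seen.setdefault(target, set()).add(facility)
    for target, facilities in seen.items():
        if {"alert", "log"} <= facilities:
            findings.append("alert and log both write to %s/%s/%s" % target)
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF, SAMPLE_CMDLINE):
        print("WARN:", finding)
```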
 
