Snort mailing list archives
RE: Question about Snort/ACID/MySQL and how they play together
From: "Michael Steele" <michaels () silicondefense com>
Date: Wed, 23 Apr 2003 22:19:15 -0700
Jacob,

My documentation had a leftover from 1.8.x days. You can remove the 'output database log..' line. The 'output database alert .' will do both, log and alert.

I'm not real sure but I think you have to remove the -A fast.

-Michael

--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Snow Jacob C KPWA
Sent: Wednesday, April 23, 2003 10:48 AM
To: 'snort-users () lists sourceforge net'; 'Michael Steele'
Subject: [Snort-users] Question about Snort/ACID/MySQL and how they play together

Just a curious question. When you have:

    output database: log, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1
    output database: alert, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1

in the snort.conf file, will you get alerts in the log file as well?

I have installed the service with:

    snort /service /install -o -A fast -l d:/applications/snort/log -c d:/applications/snort/etc/snort.conf -d -i3

When I run this from the command prompt (minus the /service and /install and with the output line removed in snort.conf) it works well and gives me alerts and all is well with the world, but when I add the output lines back in hoping to get it to log the alerts to a database, I get no alerts in the database, but I do get them in the log folder.

I have checked to make sure I am getting a connection to the database with:

    telnet <databse comp name> 3306

and get the funny line of characters and such (aka doesn't puke).

I am wondering why none of my alerts are going to the database, but are instead going to the log folder? Anyone have any ideas, or do you need more information or anything?

Thank you,
Jacob Snow
jacobsc () kpt nuwc navy mil
(360)315-3487
NAVSEA Intern
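A small pre-flight check that encodes the two points in Michael's reply, as an added example that is not part of the thread or of Snort itself. The function names, finding labels and the sample host address are constructed; the -A check reflects the reply's stated guess, not verified Snort behavior.

```python
import re
import shlex

# Constructed sample input modeled on the thread (password omitted, host is a documentation address).
SAMPLE_CONF = """\
output database: log, mysql, user=snort1 dbname=snort host=192.0.2.10 port=3306 sensor_name=slave1
output database: alert, mysql, user=snort1 dbname=snort host=192.0.2.10 port=3306 sensor_name=slave1
"""
SAMPLE_CMD = ("snort -o -A fast -l d:/applications/snort/log "
              "-c d:/applications/snort/etc/snort.conf -d -i3")

OUTPUT_DB = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")

def parse_db_outputs(conf_text):
    """Return one dict per 'output database:' line (facility, dbtype, params)."""
    outputs = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]  # ignore comments and commented-out directives
        m = OUTPUT_DB.match(line)
        if not m:
            continue
        params = dict(tok.split("=", 1) for tok in m.group(3).split() if "=" in tok)
        outputs.append({"facility": m.group(1).lower(),
                        "dbtype": m.group(2).lower(),
                        "params": params})
    return outputs

def check(conf_text, command_line):
    """Return hypothetical finding labels for the two issues raised in the reply."""
    findings = []
    outputs = parse_db_outputs(conf_text)
    facilities_by_target = {}
    for out in outputs:
        p = out["params"]
        target = (out["dbtype"], p.get("host"), p.get("port"), p.get("dbname"))
        facilities_by_target.setdefault(target, set()).add(out["facility"])
    # Reply: the alert line does both log and alert, so a log line to the same DB is redundant.
    if any({"log", "alert"} <= f for f in facilities_by_target.values()):
        findings.append("redundant-log-line")
    # Reply (stated as a guess): -A fast may need to go when database output is configured.
    args = shlex.split(command_line)
    if outputs and any(a.startswith("-A") for a in args):
        findings.append("alert-mode-on-command-line")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_CONF, SAMPLE_CMD):
        print(finding)
```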