Snort mailing list archives

RE: Send data to MySQL and Alert file

From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Mon, 5 May 2003 13:33:40 -0400

I use the following output plugins in my snort.conf:  

output alert_fast: alert.ids
output database: log, mysql, host=somehost port=3306 dbname=snortdb
user=xxxxxxx 
                 password=xxxxxxx sensor_name=sensor1 encoding=hex
detail=Full
output alert_syslog: LOG_AUTHPRIV LOG_ALERT

I get alerts to both a file (alert.ids) and syslog, and log entries to
MySQL.  If you want alerts to MySQL, then change the 'output database: log,
...' to 'output database: alert, ...'.

They should work for you too.  


- Christopher


-----Original Message-----
From: Anthony Seung [mailto:aseung () bart gov]
Sent: Monday, May 05, 2003 12:49 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Send data to MySQL and Alert file


I am trying to send data to two places.  One is to the MySQL database
and another is to the alert file.  When I set the output to MySQL, no
data goes to alert file.  Only when I comment out output for MySQL, the
data now goes to alert file.  Anybody know how to get data to both
places?

Thanks,

=============================================
Anthony Seung
Communications Engineering
510-464-6529




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Send data to MySQL and Alert file Anthony Seung (May 05)
- RE: Send data to MySQL and Alert file Rafeeq Rehman (May 05)
- Re: Send data to MySQL and Alert file Erek Adams (May 05)
- <Possible follow-ups>
- RE: Send data to MySQL and Alert file L. Christopher Luther (May 05)
- Re: Send data to MySQL and Alert file Yijia_Zhou (May 06)