Snort mailing list archives
DB Problem (long lines)
From: Jan Gruber <jan.gruber () pollux primacom net>
Date: Fri, 16 May 2003 12:24:41 +0200
Hi!

I'm nearly at the point to bang my head against the wall. Hopefully somebody can prevent that.

I get alerts logged into syslog, but not into mysql.

The snort user has all needed perms in the db, I tested it from the mysql console. He can insert, delete, create, update, index etc.pp. in the snort db. INSERT INTO event .... works ok from the commandline.

* Config:

FreeBSD 4.8
Snort 2.0.0 (plain source or patched for port-build, makes no difference)
- compiled with mysql-support, double checked that
- snort conf output plugins

    output database: alert, mysql, user=snortuser password=snortpasswd dbname=snort host=localhost sensor_name=sensor
    output alert_syslog: LOG_AUTH LOG_ALERT

mysql Ver 3.23.55 for portbld-freebsd4.8

snort cmdline:

    /usr/local/bin/snort -u snort -g snort -D -I -i dc0 -N -c /usr/local/etc/snort/snort.conf

mysql log on snort startup:

    030516 10:57:11      14 Connect     snort@localhost on snort
                         14 Query       SELECT sid FROM sensor WHERE hostname = 'xxx.xxx.xxx.xxx' AND interface = 'fxp0' AND detail = '1' AND encoding = '0' AND filter IS NULL
                         14 Query       SELECT last_cid FROM sensor WHERE sid = '5'
                         14 Query       SELECT MAX(cid) FROM event WHERE sid = '5'
                         14 Query       SELECT vseq FROM schema
    030516 10:57:12      15 Connect     snort@localhost on snort
                         15 Query       SELECT sid FROM sensor WHERE hostname = 'xxx.xxxxxxxx.xxx:dc0' AND interface = 'dc0' AND detail = '1' AND encoding = '0' AND filter IS NULL
                         15 Query       SELECT last_cid FROM sensor WHERE sid = '1'
                         15 Query       SELECT MAX(cid) FROM event WHERE sid = '1'
                         15 Query       SELECT vseq FROM schema
    030516 10:57:13      16 Connect     snort@localhost on snort
                         16 Query       SELECT sid FROM sensor WHERE hostname = 'xxx.xxxxxxxx.xxx:dc1' AND interface = 'dc1' AND detail = '1' AND encoding = '0' AND filter IS NULL
                         16 Query       SELECT last_cid FROM sensor WHERE sid = '2'
                         16 Query       SELECT MAX(cid) FROM event WHERE sid = '2'
                         16 Query       SELECT vseq FROM schema

Obviously mysql connect is ok, but no alerts get logged into the database.

Any hint is appreciated.
TIA
Jan

--
Jan Gruber
Primacom AG
Central Systems
Office: +49 (341) 609 524 53
Fax: +49 (341) 609 525 17

cat /dev/world | perl -e "while (<>) {(/(^.*?\?) 42\!/) && (print $1)}"
errors->(c)
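The check the message makes by eye on the MySQL query log (connections open and look up their sensor row, but no event row is ever written) can be scripted. This is an added example, not part of the original post: the sample log is constructed in the quoted layout with placeholder hostnames, connection 17 and its INSERT are invented for contrast, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the MySQL query log quoted in the message.
SAMPLE_LOG = """\
030516 10:57:12      15 Connect     snort@localhost on snort
                     15 Query       SELECT sid FROM sensor WHERE hostname = 'sensor.example:dc0' AND interface = 'dc0' AND detail = '1' AND encoding = '0' AND filter IS NULL
                     15 Query       SELECT last_cid FROM sensor WHERE sid = '1'
                     15 Query       SELECT MAX(cid) FROM event WHERE sid = '1'
                     15 Query       SELECT vseq FROM schema
030516 10:57:13      17 Connect     snort@localhost on snort
                     17 Query       SELECT sid FROM sensor WHERE hostname = 'sensor.example:dc1' AND interface = 'dc1' AND detail = '1' AND encoding = '0' AND filter IS NULL
                     17 Query       INSERT INTO event (sid,cid,signature,timestamp) VALUES ('2','1','1','2003-05-16 10:57:14')
"""

# Optional "YYMMDD HH:MM:SS" prefix, then connection id, command, argument.
LINE_RE = re.compile(r"^(?:\d{6}\s+\d{1,2}:\d{2}:\d{2})?\s*(\d+)\s+(Connect|Query|Quit)\s*(.*)$")
SENSOR_RE = re.compile(r"FROM sensor WHERE hostname = '([^']*)' AND interface = '([^']*)'")

def summarize(log_text):
    """Group query-log lines by connection id and count INSERTs into event."""
    conns = defaultdict(lambda: {"user": None, "sensor": None, "selects": 0, "event_inserts": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped statement text or a command we do not track
        tid, cmd, arg = int(m.group(1)), m.group(2), m.group(3).strip()
        c = conns[tid]
        if cmd == "Connect":
            c["user"] = arg.split(" on ")[0]
        elif cmd == "Query":
            s = SENSOR_RE.search(arg)
            if s:
                c["sensor"] = (s.group(1), s.group(2))  # (hostname, interface)
            if arg.upper().startswith("INSERT INTO EVENT"):
                c["event_inserts"] += 1
            elif arg.upper().startswith("SELECT"):
                c["selects"] += 1
    return dict(conns)

def silent_connections(log_text):
    """Connection ids that looked up a sensor row but never inserted an event."""
    return sorted(t for t, c in summarize(log_text).items()
                  if c["sensor"] and c["event_inserts"] == 0)

if __name__ == "__main__":
    print("no event INSERT seen on connections:", silent_connections(SAMPLE_LOG))
```

Run against the real query log while a test alert is visible in syslog, a connection id that stays in the `silent_connections` result confirms the output plugin initialised for that interface but issued no writes.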