Snort mailing list archives
[snort-mysql] logging OK to logfile, not to mysql database
From: Michel Christophe <tofm2 () yahoo fr>
Date: Wed, 03 Dec 2003 19:47:59 +0100
Hello,

I am desperately trying to log snort output to a mysql database (dual logging across a vpn will come later). Snort logging to its classical log files (/var/log/snort/snortfiles, I am running Mandrake) works perfectly. But the recently created mysql 'snort' database remains desperately empty, although I have had a number of alerts since that time.

The snort database was created according to the snort-2.0.1 documentation as follows:

    % echo "CREATE DATABASE snort;" | mysql -u root -p

Then, logging in to mysql as mysql-root user, I have done the following privilege changes on the snort database:

    mysql> grant INSERT,SELECT on snort.* to snortusr@localhost;
    Query OK, 0 rows affected (0.04 sec)
    mysql> grant INSERT,SELECT,UPDATE on snort.sensor to snortusr@localhost;
    Query OK, 0 rows affected (0.01 sec)

As you see, no errors were seen.

Afterwards, I have created the snort database structure, as root, using the /usr/share/doc/snort-2.0.1/create_mysql script, with no errors at the output. Of course, both snort and mysql have been restarted afterwards.

But still no logging at all; the snort db remains empty, although text logging in /var/log/snort goes on.

Here is the corresponding /etc/snort.conf section:

    (...)
    output log_tcpdump: tcpdump.log
    (...)
    output database: log, mysql, user=snortusr password=XXXX dbname=snort host=localhost encoding=hex detail=full
    (...)

Can I keep logging to files while using MySQL at the same time? Can this lead to errors?

Here are the versions of the software I use:

    MySQL-common-4.0.11a-5.1mdk
    MySQL-client-4.0.11a-5.1mdk
    MySQL-4.0.11a-5.1mdk
    libmysql10-3.23.56-1.4mdk
    libmysql12-4.0.11a-5.1mdk
    snort-2.0.0-2.1mdk
    snort-mysql-2.0.0-2.1mdk

Thanks for clues.

--
Michel Christophe <tofm2 () yahoo fr>
Attachment:
signature.asc
Description: This is a digitally signed message part