Snort mailing list archives
Re: [snort-mysql] logging OK to logfile, not to mysql database
From: "Josh Berry" <josh.berry () netschematics com>
Date: Wed, 3 Dec 2003 23:05:08 -0600 (CST)
Have you tested running the snort instance without using daemon mode (-D) and watching to see if snort complains? If so, are you getting any errors with snort? Does it say that it has connected?
Hello,

I am desperately trying to log snort output to a mysql database (dual logging across a vpn will come later).

Snort logging to its classical log files (/var/log/snort/snortfiles, I am running Mandrake) works perfectly. But the recently created mysql 'snort' database remains desperately empty although I had a number of alerts since that time.

The snort database was created according to the snort-2.0.1 documentation as follows:

    % echo "CREATE DATABASE snort;" | mysql -u root -p

Then, logging in to mysql as the mysql root user, I have done the following privilege changes on the snort database:

    mysql> grant INSERT,SELECT on snort.* to snortusr@localhost;
    Query OK, rows affected (0.04 sec)
    mysql> grant INSERT,SELECT,UPDATE on snort.sensor to snortusr@localhost;
    Query OK, rows affected (0.01 sec)

As you see, no errors were seen.

Afterwards, I have created the snort database structure, as root, using the /usr/share/doc/snort-2.0.1/create_mysql script, with no errors at the output.

Of course, both snort and mysql have been restarted afterwards.

But still no logging at all; the snort db remains empty, although text logging in /var/log/snort goes on.

Here is the corresponding /etc/snort.conf section:

    (...)
    output log_tcpdump: tcpdump.log
    (...)
    output database: log, mysql, user=snortusr password=XXXX dbname=snort host=localhost encoding=hex detail=full
    (...)

Can I keep logging to files while using MySQL at the same time? Can this lead to errors?

Here are the versions of the software I use:

    MySQL-common-4.0.11a-5.1mdk
    MySQL-client-4.0.11a-5.1mdk
    MySQL-4.0.11a-5.1mdk
    libmysql10-3.23.56-1.4mdk
    libmysql12-4.0.11a-5.1mdk
    snort-2.0.0-2.1mdk
    snort-mysql-2.0.0-2.1mdk

Thanks for clues.

--
Michel Christophe <tofm2 () yahoo fr>
Thanks,
Josh Berry, CTO
LinkNet-Solutions
469-831-8543
josh.berry () linknet-solutions com
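Added example, not part of the original messages: a shell sketch that complements the foreground test suggested in the reply by reading the active `output database` directive from a snort.conf and building the mysql client command that logs in as the same account. The function names are hypothetical, the sample configuration is constructed from the lines quoted in the thread, and the `event` table is assumed to exist because the Snort create_mysql schema script creates it.

```shell
#!/bin/sh
# Constructed sample: the two output lines quoted in the message, plus one
# commented-out directive to show that inactive lines are ignored.
SAMPLE_CONF='output log_tcpdump: tcpdump.log
# output database: log, mysql, user=old dbname=old host=old
output database: log, mysql, user=snortusr password=XXXX dbname=snort host=localhost encoding=hex detail=full
'

# Print the active (uncommented) "output database" directives read from stdin.
active_db_outputs() {
    grep -E '^[[:space:]]*output[[:space:]]+database:'
}

# Print the value of one key=value parameter. $1 = directive line, $2 = key.
db_param() {
    printf '%s\n' "$1" | tr ' ,' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# Build the mysql client command that logs in as the account Snort is
# configured to use. A bare -p makes the client prompt for the password,
# so it never appears on the command line or in shell history.
mysql_check_cmd() {
    user=$(db_param "$1" user)
    db=$(db_param "$1" dbname)
    host=$(db_param "$1" host)
    printf 'mysql -u %s -p -h %s %s -e "SELECT COUNT(*) FROM event;"\n' \
        "$user" "$host" "$db"
}

# On a real sensor, feed /etc/snort.conf instead of the sample, run the
# printed command by hand, then start snort in the foreground (no -D) with
# "snort -c /etc/snort.conf" and watch its startup messages.
directive=$(printf '%s\n' "$SAMPLE_CONF" | active_db_outputs)
mysql_check_cmd "$directive"
```

If the printed command fails to log in or the count stays at zero while alerts keep arriving in /var/log/snort, the problem lies between Snort and MySQL rather than in the rules.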