Re: starting snort-Mysql on Mandrake 9.2

[Dirk Geschke <Dirk_Geschke () genua de>]

Hi Michel,

> Concerning  my latest post about snort mysql logging on two different
> mysql servers, 3 and 4 dec in this list, here is the hard found answer:
>
> At that time, I was extremely surprised to see that although syslog
> logging worked extremely fine, nothing ever arrived to the sql server.
>  
> Of course, all my config files were correct, this was seen in my posts.
>
> Nevertheless, let me pinpoint the fact that to achieve a successful
> mysql logging from snort alerts, one has to start snort wrom within
> startup scripts a special way, I mean WITHOUT the default install -s tag
> which present at default install time caused the impossible mysql link.
this works as designed but not ever desired...

> From snort.c:

            case 's':  /* log alerts to syslog */
                pv.alert_mode = ALERT_SYSLOG;
#ifndef WIN32
                /* command line alerting option has been specified, 
                 * override the alert options in the config file
                 */ 
                pv.alert_cmd_override = 1;

So the command line option -s replaces all output plugins of the
config file. (The same holds for option -A).

Maybe this shoul be mentioned more precisely in the man page
of snort?

Best regards

Dirk



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users