Snort mailing list archives
[REPOST] Snort not loging on MySql
From: "Di Fresco Marco" <superdif () ciaoweb it>
Date: Fri, 30 Jan 2004 22:20:20 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I am re-sending this message because in the previous attempts I used a different e-mail address from the one I using to be subscribed to the list. So to the moderators: please disregard the previous e-mails and forgive me. I temporarily solved my previous problem ("Device didn't translate") by setting in snort.conf the HOME_NET to my real IP address instead of using (\Device\NPF_{18...3C}). At the moment Snort works, but I have another problem. Basically the problem is that Snort does not log on my MySql server. I checked the archives of this ML and I also done a search on Google, but the only two solutions I found were to try to drop the snort database and recreate it, or to check the perimission of the snort user to make sure it can write to the snort database; I tried both solutions and they did not work (the implementation of the solutions worked, but Snort still does not log). Here my environment: WinXP Pro. (full patched) Snort 2.1.0 MySql 4.0.17 (all three software on the same standalone machine). Here an extract of my snort.conf: var HOME_NET [My IP address] var EXTERNAL_NET !$HOME_NET ... var SQL_SERVERS $HOME_NET ... output database: log, mysql, user=snort@localhost password=SNORTPASWORD dbname=snort host=localhost encoding=ascii detail=full ignore_dbf=0 (all in one line) For the part (of snort.conf) where all the rules are listed, I changed the path from relative ($RULE_PATH\) to absoulute (D:\Snort\rules\). And here is the syntax I use to launc Snort: D:\Snort\bin\snort.exe - -c "D:\snort\etc\snort.conf" -l "D:\snort\Log" - -A full -i 1 -I -d - -e -X (all in one line) Any suggestion? Thank in advance. Di Fresco Marco http://home.comcast.net/~superdif/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQIVAwUBQBtJIGFI2e+I8s0+AQKB0Q/+PfItcz4mve5ACDqvjHawvpfuV+uwd9zm nAs2nAAPUvqD0oiw/kqqofwjvOU58p62n4ELMkUTDm7Xs7cMTqmK11ZXdbO69r1J NHdx9H4UaXCP182z/r8WwHOPhqzvFCUAMz6eGcP8JdHgxQW7NatO/dOeodCbvCzC 4IhRF1tG/gQ985ktbwpLBw/jUokiK9MySZMq8QXz2znk2TEVcqPiZkVHFbRQqSow 93usOIl0azE9NagYSt9GN5KAGSgIUF91VOcRPUhVLY7nDAK43/sD5Ual4CmikXfl m27wJGb4gGLfpzhKyDkMfTB6d9w/Drn53MFVGosAFkD6NDD2h+vajmo9sr10qgQH 3qUaTuaDmcAUirsIoNF8FXbJ+uLUMKelZDdr0fjcAaU1LibmIanO83fw2aR9+xDd 2pTmLWrgGi8nE8ZFFPLRIUcfycOfBmkIx8VRx5mj7c8DqUy46kwXfB/wfedLe9px f1nuKjkjc3K/D83wIUvfDBxAkqkOkRdlMzgRicA9CRlpLGdoXCVY+dSGD9Ondejj 7WZ05H3e+KVgB9un/RzwiSG8+csdbr5hqXJFfeYB3/JaXA9AvjhxRotft5/4vL8z otMhtk6c3gsAMRet9CaWMWBs85QE8QRaYbnW7bOegKItop5yUV6qUhxv4pLZD1pV k9fFhHUIYT4= =OHzN -----END PGP SIGNATURE----- ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- [REPOST] Snort not loging on MySql Di Fresco Marco (Jan 30)
- <Possible follow-ups>
- [REPOST] Snort not loging on MySql Di Fresco Marco (Feb 02)