Snort mailing list archives
Re: Snort Mysql Acid Combo
From: "Sam Osuala" <sam.osuala () logiciel-inc com>
Date: Wed, 4 Feb 2004 14:28:41 +0100
Dear Mark,

/var/log/snort is not populated. There is also a success message from /etc/init.d/snort restart in /var/log/messages. The last line reads:

    Feb 4 14:18:02 sniffer snort: Snort initialization complete successfully.

The entry sensor_name=mysensor,......what will I use if I installed everything on one Linux box?

Thanks
Sam

----- Original Message -----
From: "Mark Fagan" <r00t () online ie>
To: "Sam Osuala" <sam.osuala () logiciel-inc com>
Cc: <snort-users () lists sourceforge net>
Sent: Wednesday, February 04, 2004 12:47 PM
Subject: Re: [Snort-users] Snort Mysql Acid Combo

Is /var/log/snort populated with logs? If so, you probably don't have the correct entry in your snort.conf. It should be along the lines of:

    output database: log, mysql, sensor_name=mysensor user=snortuser password=snortpassword dbname=snort host=dbhost

Also, in the event you have a DB authentication issue, open two ssh sessions, one tailing the /var/log/messages file:

    tail -f /var/log/messages

And one restarting snort:

    /etc/init.d/snort restart

If you get a success message, you probably don't have the correct output database statement.

Hope this helps.
Mark

Quoting Sam Osuala <sam.osuala () logiciel-inc com>:
I have installed a box with the following:

1] Redhat Linux 9.2
2] Snort 2.0.6
3] Mysql 4.0.17
4] Acid 0.9.6
5] php 4.3.4
6] zlib-1.1.4
7] libpcap-0.7.2
8] Apache 2.0.48 (not the one that came with the Linux)
9] jgraph 1.14
10] adodb 405

These are all installed in the Linux box above. The issue is that the mysql is not getting any logs in the database. If I start my snort with "snort -dvC" I get the alerts on the screen. What could be the problem. Do I have to keep the components in different machines?

Thanks
Sam
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
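
A quick way to check the point raised in the quoted reply above, as an added example that is not part of the original thread: the script looks for an active (uncommented) `output database` line in snort.conf text and reports which keys from the quoted directive are absent. The sample config, the `host=localhost` value for a single-box install, and treating all five keys as expected are assumptions of this example.

```python
import re

# Keys taken from the directive quoted in the thread; whether Snort treats
# each one as mandatory is an assumption of this example.
EXPECTED_KEYS = ("user", "password", "dbname", "host", "sensor_name")

# Constructed sample config, not taken from any real sensor.
SAMPLE_CONF = """\
# output database: log, mysql, user=root dbname=old host=localhost
var HOME_NET any
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, sensor_name=mysensor user=snortuser password=snortpassword dbname=snort host=localhost
"""

DIRECTIVE = re.compile(r"^\s*output\s+database\s*:\s*(.*)$")


def find_database_outputs(conf_text):
    """Return one dict per active 'output database' line in the config text."""
    found = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        # Drop comments, so commented-out directives are ignored.
        # (A '#' inside a password would be cut here; kept simple on purpose.)
        line = raw.split("#", 1)[0]
        match = DIRECTIVE.match(line)
        if not match:
            continue
        parts = [p.strip() for p in match.group(1).split(",", 2)]
        parts += [""] * (3 - len(parts))
        facility, dbtype, rest = parts
        params = dict(t.split("=", 1) for t in re.split(r"[\s,]+", rest) if "=" in t)
        missing = [k for k in EXPECTED_KEYS if k not in params]
        found.append({"line": lineno, "facility": facility, "dbtype": dbtype,
                      "params": params, "missing": missing})
    return found


def report(conf_text):
    """Human-readable summary; the password value is never echoed."""
    outputs = find_database_outputs(conf_text)
    if not outputs:
        return ["no active 'output database' directive found"]
    lines = []
    for o in outputs:
        shown = {k: ("***" if k == "password" else v) for k, v in o["params"].items()}
        status = "missing: " + ", ".join(o["missing"]) if o["missing"] else "all expected keys present"
        lines.append(f"line {o['line']}: {o['facility']}/{o['dbtype']} {shown} ({status})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONF)))
```

To check a real sensor, pass the contents of its snort.conf to `report()` instead of `SAMPLE_CONF`.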
Current thread:
- Snort Mysql Acid Combo Sam Osuala (Feb 04)
- Re: Snort Mysql Acid Combo Martin Olsson (Feb 04)
- Re: Snort Mysql Acid Combo Sam Osuala (Feb 04)
- Re: Snort Mysql Acid Combo Martin Olsson (Feb 04)
- Re: Snort Mysql Acid Combo Sam Osuala (Feb 04)
- Re: Snort Mysql Acid Combo Josh Berry (Feb 04)
- Re: Snort Mysql Acid Combo Sam Osuala (Feb 04)
- Re: Snort Mysql Acid Combo Martin Olsson (Feb 04)
- Re: Snort Mysql Acid Combo Sam Osuala (Feb 04)
- <Possible follow-ups>
- Re: Snort Mysql Acid Combo M. Morgan (Feb 04)