Snort mailing list archives
Re: Snort and MySQL
From: sEc nErD <umkcguy1978 () yahoo com>
Date: Tue, 8 Feb 2005 18:06:04 -0800 (PST)
OK, below are the details of what's up with my snort... It is having all alerts in the /var/log/snort/alert file, but just that there is nothing in the mysql database. One thing that happened was mysql was not running, then I started mysqld from init.d. Since I started it after I was running snort, do I need to stop and restart snort so that it connects to the database? If yes, what would be the command for that?

[root@localhost snort]# ps -ef| grep snort
snort 1791 1 0 08:42 ? 00:00:46 /usr/sbin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort

[root@localhost snort]# ps -ef| grep mysql
root 2029 1 0 08:42 ? 00:00:00 /bin/sh /usr/bin/safe_mysqld --defaults-file=/etc/my.cnf
mysql 2053 2029 0 08:42 ? 00:00:00 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking

Line in my snort.conf that I have uncommented:

output database: log, mysql, user=snort password=snort dbname=snort host=localhost

Output from /var/log/messages:

Feb 8 14:49:48 localhost sshd(pam_unix)[3049]: session opened for user root by (uid=0)
Feb 8 15:15:30 localhost mysqld: Starting MySQL: succeeded
Feb 8 16:32:24 localhost kernel: UDF-fs: No VRS found
Feb 8 16:33:59 localhost sshd(pam_unix)[2894]: session closed for user root
Feb 8 16:34:01 localhost sshd(pam_unix)[3049]: session closed for user root
Feb 8 16:34:47 localhost sshd(pam_unix)[3290]: session opened for user root by (uid=0)
Feb 8 16:58:15 localhost sshd(pam_unix)[3375]: session opened for user root by (uid=0)
Feb 8 17:06:49 localhost sshd(pam_unix)[3290]: session closed for user root
Feb 8 17:06:54 localhost sshd(pam_unix)[3375]: session closed for user root
Feb 8 19:56:25 localhost sshd(pam_unix)[3552]: session opened for user root by (uid=0)

--- Robert Spangler <bms () zoominternet net> wrote:
> On Sun August 29 2004 13:35, Robert Spangler wrote:
>
> I seem to be having a problem setting up snort to
> use MySQL database. I had an error in my snort.conf file
>
> snort.conf has the following entry:
> ===================================================
> output database: log, MySQL, user=snort,password=******** dbname=snort
> host=localhost
> ===================================================
>
> The above was placed in the wrong area of the config. When this was corrected snort seemed to run without any problems.
>
> NOW I don't think things are running correctly. I run a scan against my machine using CIS and it does its reporting but I never see anything in ACID or OpenAanval.
>
> I used the following quick setup guide written by Patrick Harper at http://www.internetsecurityguru.com/
>
> --
> Regards
> Robert
>
> Smile..... It increases your face value.
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort and MySQL sEc nErD (Feb 08)
- Re: Snort and MySQL James Riden (Feb 08)
- <Possible follow-ups>
- RE: Snort and MySQL Harper, Patrick (Feb 09)
- RE: Snort and MySQL sEc nErD (Feb 09)
- RE: Snort and MySQL Joshua Berry (Feb 09)
- RE: Snort and MySQL sEc nErD (Feb 10)