Re: Logging to MySQL from the Honeywall CD

[Patrick McCarty <mccartyp () apu edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Christian,

My first thought on this issue has often been the cause of many of my issues.
That is, that the honeywall is based on diet-libc (stripped down glibc).
Unfortunately, that is a problem not easily overcome. (If that is in fact the problem).

My suggestion is try to recompile snort staticly. I havent personally attempted this, perhaps someone else could offer 
an alternative suggestion.

- -- patrick

On Wed, Mar 02, 2005 at 12:30:13PM +0100, Christian Larsen wrote:
> Hello.
>
> I¹m trying to get Snort on my honeywall to log against an external
> mySQL-database. I¹ve added this line to /etc/snort/snort.conf:
>
> output database: log, mysql, user=snort_user password=*******
> dbname=snort_db host=*******
>
> I¹ve set up the mysql-server (and know it¹s working, since I¹m already
> running another snort-process from a different IDS-sensor against it), and
> the honeywall-logs tell me that the Snort/MySQL-handshake is completed after
> Snort is restarted.
>
> My question is then: Why isn¹t Snort sending data to the database? Snort is
> running and generating regular logs in /var/log/snort/xxx/, but nothing is
> sent to the external database. Port 3306 is open, but there is no traffic
> going out of the honeywall-GW on it.
>
> Thank you.
>
> Kind regards
> Christian

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFCJfn0pPYocrgNjZgRAiT7AJ9WBveOmpCGXQCfGvmOb0lXF4YnJwCeJAQx
V+hgB6r7PV12910PkI1RTI4=
=wTph
-----END PGP SIGNATURE-----