Honeypots mailing list archives
Re: Logging to MySQL from the Honeywall CD
From: Patrick McCarty <mccartyp () apu edu>
Date: Wed, 2 Mar 2005 09:37:56 -0800
Christian,

My first thought on this issue has often been the cause of many of my issues. That is, that the honeywall is based on diet-libc (stripped down glibc). Unfortunately, that is a problem not easily overcome. (If that is in fact the problem).

My suggestion is to try to recompile snort statically. I haven't personally attempted this, perhaps someone else could offer an alternative suggestion.

--
patrick

On Wed, Mar 02, 2005 at 12:30:13PM +0100, Christian Larsen wrote:

Hello.

I'm trying to get Snort on my honeywall to log against an external mySQL-database. I've added this line to /etc/snort/snort.conf:

output database: log, mysql, user=snort_user password=******* dbname=snort_db host=*******

I've set up the mysql-server (and know it's working, since I'm already running another snort-process from a different IDS-sensor against it), and the honeywall-logs tell me that the Snort/MySQL-handshake is completed after Snort is restarted.

My question is then: Why isn't Snort sending data to the database? Snort is running and generating regular logs in /var/log/snort/xxx/, but nothing is sent to the external database. Port 3306 is open, but there is no traffic going out of the honeywall-GW on it.

Thank you.

Kind regards
Christian