Snort mailing list archives

mySQL is built


From: "Garreth Jeremiah" <g.jeremiah () home com>
Date: Mon, 21 May 2001 22:26:21 -0400

Well, that was not fun.

I rebuilt SNORT with mysql enabled, and built mysql ( that was not fun at all ).  I am trying to log to syslog at the 
same time, not knowing what facilities SNORT supports, I configured
alert_syslog: LOCAL6 LOG_LOCAL6 LOG_AUTH etc

note that I used LOCAL6 and LOG_LOCAL6

but for some reason - with my prior build ( without database support ) I had no problems and alerts were logged 
according to my local6 syslog directive ( /security/log/snort_log/alert ), but now ( with same snort.conf file ) only 
the default (/var/log/messages) receives the alerts.  Any ideas?

As stated I now have it hopefully logging to mysql.....but I don't know diddley 'bout databases.  Is there any way I 
can query the database to ensure that alerts are being written in there?  Do I need to use ACID?  Any other tools?

Many thanks

Garreth J Jeremiah


--==|| The light at the end of the tunnel is often a train ||==--
