Snort mailing list archives

Re: mysql logging trouble


From: roman () danyliw com
Date: Fri, 12 Oct 2001 13:29:37 US/Eastern

The portscan pre-processor only outputs to the alert facility.  Modify the
database configuration to use alert instead of log:

output database: alert, mysql, user=user dbname=snort host=localhost

Roman

On Fri, 12 Oct 2001, Frontgate Lab wrote:
 

Hiya.. I'm asking this again in a separate email so that topics don't get
confused:

How do I figure out why the snort alerts are not getting into my
mysql database even when I have the following line in the snort.conf?

# database: log to a variety of databases
# See the README.database file for more information about configuring
 output database: log, mysql, user=user dbname=snort
host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, unixodbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort
password=test
# as databases or the network can now be avoided.  
# and a mysql database.
#   output database: log, mysql, user=snort dbname=snort
host=localhost

When I do a process listing in mysql it seems that snort is no longer
logged in from localhost after some time elapses.

Also, has anyone figured out how to get portscans into the database?


I have the following setup on Red Hat 7.1:

[root@fglab /root]# snort -V

-*> Snort! <*-
Version 1.8.1-current (Build 79)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

[root@fglab /root]# rpm -q MySQL
MySQL-3.23.43-1

[root@fglab /root]# rpm -q MySQL-Max
MySQL-Max-3.23.43-1
 

ps ax | grep snort
 4483 ?        S      0:28 snort -D -s -c /etc/snort/snort.conf -l /var/log/snor
15562 pts/3    S      0:00 grep snort


thank you :)

Madhav



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
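
The mismatch described in the reply (portscan preprocessor enabled, database output plugin on the log facility) can be checked for before Snort is restarted. The script below is an added example, not part of the original thread or of Snort itself; the `preprocessor portscan:` line in the sample input, the function names, and the treatment of a bare key=value line as a wrapped continuation are assumptions.

```python
# Constructed sample: the active output line as it appears in the thread
# (wrapped), plus an assumed portscan preprocessor line the thread omits.
SAMPLE_CONF = """\
preprocessor portscan: $HOME_NET 4 3 portscan.log
# output database: alert, postgresql, user=snort dbname=snort
 output database: log, mysql, user=user dbname=snort
host=localhost
"""


def directives(text):
    """Return active (uncommented) lines, re-joining wrapped parameters."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Assumption: a line made only of key=value tokens is a wrapped tail.
        if out and all("=" in t and not t.startswith("=") for t in line.split()):
            out[-1] += " " + line
        else:
            out.append(line)
    return out


def db_output(directive):
    """Split 'output database: <facility>, <type>, <params>' or return None."""
    head, _, rest = directive.partition(":")
    if head.split() != ["output", "database"]:
        return None
    parts = [p.strip() for p in rest.split(",", 2)]
    return parts if len(parts) == 3 else None


def check_portscan_db_logging(text):
    """Return (current, suggested) pairs when portscan alerts cannot reach the DB."""
    active = directives(text)
    outputs = [(d, db_output(d)) for d in active if db_output(d)]
    portscan = any(d.split(":")[0].split() == ["preprocessor", "portscan"] for d in active)
    if not portscan or any(p[0].lower() == "alert" for _, p in outputs):
        return []
    return [(d, f"output database: alert, {p[1]}, {p[2]}")
            for d, p in outputs if p[0].lower() == "log"]


if __name__ == "__main__":
    for current, suggested in check_portscan_db_logging(SAMPLE_CONF):
        print("portscan alerts will not reach:", current)
        print("suggested replacement:         ", suggested)
```

An empty result means either that portscan is not enabled or that at least one database output already uses the alert facility.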





