Snort mailing list archives
RE: Problems logging to syslog and mysql simultaneously
From: "Michael Steele" <michaels () silicondefense com>
Date: Thu, 20 Jun 2002 16:22:08 -0700
Don,

Ok, Is your MySQL on the same machine as your Snort, and Syslog?

In your output database line, have you selected host=127.0.0.1 ?

In MySQL my.ini setup I have bind-address=127.0.0.1

On our machine we are running Snort, MySQL, and our Syslog on the same machine.

-Michael
--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: Don [mailto:Don () WeberOnTheWeb com]
Sent: Wednesday, June 19, 2002 3:34 PM
To: Michael Steele
Subject: RE: [Snort-users] Problems logging to syslog and mysql simultaneously

tried that, did that, just now again even, still no go

Don

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael Steele
Sent: Wednesday, June 19, 2002 3:13 PM
To: dlpassport () s2access com
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Problems logging to syslog and mysql simultaneously

Dallas,

Remove the -s switch and add these to your Snort.conf

    output alert_syslog: LOG_AUTH LOG_ALERT
    output alert_full

-Michael

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of dlpassport () s2access com
Sent: Wednesday, June 19, 2002 2:46 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Problems logging to syslog and mysql simultaneously

I'm still experiencing the same problem logging to a local syslog, even with the database logging disabled... it will only write there if I specify the -s 127.0.0.1. I've got a feeling I'm missing something obvious. Any suggestions?

Thanks,
DL

-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Wednesday, June 19, 2002 2:26 PM
To: dlpassport () s2access com
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Problems logging to syslog and mysql simultaneously

Dallas,

You need to pick up a syslog server like Kiwi Syslog Server or a freeware one:

Snip--Snip ->

For stability I would recommend 3com's free syslog server for Windowz

http://support.3com.com/software/utilities_for_windows_32_bit.htm <-- for a bunch of goodies
ftp://ftp.3com.com/pub/utilbin/win32/3CSyslog.zip <-- for the syslog server

It runs great on 2K & XP

This one may work: http://www.cls.de/Default.asp works well but randomly inserts fixed string in syslog output in the freeware version.

<--snip-->

Hello list.

I am running Snort 1.8.7-mysql-win32 and am having the following problem. I would like to log to the local mysql database as well as a remote syslog. From all that I can find, the only way to log to a remote syslog is with a -s 1.1.1.1 option from the command line. When I specify this on the command line, snort ignores my output database statement. Is there any way to specify a remote syslog server within snort.conf? What else could be causing this problem? I'd prefer not to log to a local syslogd then forward.

Thanks,
Dallas LaRose

<--snip from snort.conf-->
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort password=blah dbname=snort port=3306 host=localhost
<--snip-->

----------------------------------------------------------------------------
Bringing you mounds of caffeinated joy
>>> http://thinkgeek.com/sf <<<
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
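
An added example, not part of any post in this thread: a small Python check that reads the `output` directives from a snort.conf and flags the two conditions discussed above (the `-s` switch combined with `output database`, and a database `host=` other than 127.0.0.1). The sample config is constructed from the snippet quoted in the thread, and the function names are hypothetical.

```python
# Added example: lint a snort.conf for the issues raised in this thread.
# SAMPLE_CONF is constructed from the snippet quoted above; names are hypothetical.
SAMPLE_CONF = """\
# output plugins
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort password=blah dbname=snort port=3306 host=localhost
"""

def parse_outputs(conf_text):
    """Return (plugin, argument string) for every 'output' directive."""
    outputs = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or not line.startswith("output "):
            continue
        plugin, _, args = line[len("output "):].partition(":")
        outputs.append((plugin.strip(), args.strip()))
    return outputs

def database_params(args):
    """Split 'log, mysql, key=value ...' into a dict of its parts."""
    fields = [f.strip() for f in args.split(",", 2)]
    if len(fields) < 3:
        return {}
    params = dict(tok.split("=", 1) for tok in fields[2].split() if "=" in tok)
    params.update(kind=fields[0], dbtype=fields[1])
    return params

def check(conf_text, argv):
    """Return findings for a config plus the argv Snort is started with."""
    outputs = dict(parse_outputs(conf_text))
    findings = []
    if "-s" in argv and "database" in outputs:
        findings.append("-s given with 'output database': reported in the thread "
                        "to make Snort ignore the database output")
    if "alert_syslog" not in outputs:
        findings.append("no 'output alert_syslog' directive in snort.conf")
    if "database" in outputs:
        host = database_params(outputs["database"]).get("host")
        if host != "127.0.0.1":
            findings.append(f"database host={host}: the thread suggests "
                            "127.0.0.1, matching bind-address in my.ini")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_CONF, ["snort", "-c", "snort.conf", "-s", "127.0.0.1"]):
        print("WARN:", finding)
```
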