Snort mailing list archives
RE: Problems logging to syslog and mysql simultaneously
From: "LaRose, Dallas" <dlpassport () s2access com>
Date: Wed, 26 Jun 2002 10:16:47 -0500
Has anyone found any additional information on this problem? Is anyone else experiencing this?

TIA,
Dallas

-----Original Message-----
From: LaRose, Dallas [mailto:dlpassport () s2access com]
Sent: Thursday, June 20, 2002 11:33 AM
To: 'Michael Steele'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Problems logging to syslog and mysql simultaneously

Michael,

Please see my notes below. Were you able to reproduce the problem?

Thanks,
Dallas

-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Thursday, June 20, 2002 9:25 AM
To: dlpassport () s2access com
Subject: RE: [Snort-users] Problems logging to syslog and mysql simultaneously

DL,

We are working on this problem.

1. You can log to local Syslog?
*** Only when using -s ***

Using what method?

1. output alert_syslog: LOG_AUTH LOG_ALERT
   output alert_full
*** This doesn't log at all ***

2. -s xxx.xxx.xxx.xxx:xxx
*** This works properly ***

3. Item 2 is local or remote?
*** When using a -s, this works locally and remotely ***

-Michael
--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of dlpassport () s2access com
Sent: Thursday, June 20, 2002 5:25 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Problems logging to syslog and mysql simultaneously

Per our discussion yesterday, I am still having similar problems. I am unable to log to a local syslog without a command line switch. The -s x.x.x.x:xxx does work on Win32... but when using this option, all other outputs are disabled. Even with the

output alert_syslog: LOG_AUTH LOG_ALERT
output alert_full

in my snort.conf, I am still experiencing the problem. Does anyone have a snort.conf that works? Is there any "order of operations" or sequence with the conf options?

Also.. Michael... the Kiwi syslog server does RegExp checking and can run an executable based on a RegExp match. Have this trip a batch file which calls Blat to send an e-mail. This should work well for you. Not as clean as swatch, but it works.

Thanks...
DL

-----Original Message-----
From: Steven Williams [mailto:Steven.Williams () computershare com au]
Sent: Wednesday, June 19, 2002 9:33 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] RE: Problems logging to syslog and mysql simultaneously

I've had exactly the same problem with my setup. I can get snort to log to either Syslog locally or remotely, but not at the same time as logging to the remote database. I've tried both the -s options on the command line, and also Michaels suggestions within snort.conf, but it will only let me have one or the other, and the -s option does turn on or off the syslog option. Changing any parameters with snort.conf don't seem to make any difference.

This is with snort 1.8.7-MySQL-Win32 Build 121 on W2K Server, using Kiwi Syslog Server Ver 6.4.9. I am logging remotely to another W2K server also running the same version of Kiwi and MySql 3.23.40.

Steve

---
This email and any files transmitted with it are solely intended for the use of the addressee(s) and may contain information that is confidential and privileged. If you receive this email in error, please advise us by return email immediately. Please also disregard the contents of the email, delete it and destroy any copies immediately. Computershare Limited and its subsidiaries do not accept liability for the views expressed in the email or for the consequences of any computer viruses that may be transmitted with this email. This email is also subject to copyright. No part of it should be reproduced, adapted or transmitted without the written consent of the copyright owner.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Problems logging to syslog and mysql simultaneously LaRose, Dallas (Jun 20)
- <Possible follow-ups>
- RE: Problems logging to syslog and mysql simultaneously Robbins, Mark (Jun 20)
- RE: Problems logging to syslog and mysql simultaneously LaRose, Dallas (Jun 26)