Snort mailing list archives
AW: Snort correctly logging to MySQL
From: Juergen.Deitermann () bertelsmann de
Date: Tue, 24 Sep 2002 10:12:07 +0200
Hi,

try

    output database: alert, mysql, user=snort password=snort dbname=snort host=localhost

in addition to the log-entry in snort.conf.

Regards
Juergen

-----Original Message-----
From: Al.Wever () alticor com [mailto:Al.Wever () alticor com]
Sent: Monday, 23 September 2002 18:28
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort correctly logging to MySQL

Hello all,

I have been using Snort successfully for some time now as a backup IDS to our primary systems. Now that we have some free equipment I decided to install Snort on a Win2K server as a test. Along with that I have installed MySQL and ACID on an IIS server to see what the performance issues would be like. So far I am very impressed, so impressed that I am about to give our primary IDS a boot out the door, but... I can't.

During the testing phase I noticed the log file alert.ids was expanding considerably. After further investigation I have noticed that there are alerts residing in the log file that are not in the MySQL database. For example, WEB-CGI phf access and WEB-MISC /etc/passwd. Our primary IDS did pick up on these attacks, but Snort has not transferred them into the ACID database.

Does anyone have any thoughts as to why they were never sent to the MySQL database?

Thanks in advance

Best regards,
Al Wever

Config info:

Snort.conf

    output database: log, mysql, user=snort password=snort dbname=snort host=localhost

Used to start Snort as a service.

    snort -c c:\snort\snort.conf -l c:\snort\logs -i2

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users