Snort mailing list archives

Re: Snort correctly logging to MySQL


From: Juergen.Deitermann () bertelsmann de
Date: Tue, 24 Sep 2002 10:12:07 +0200

Hi,
try
output database: alert, mysql, user=snort password=snort dbname=snort host=localhost
in addition to the log-entry in snort.conf.

Regards
Juergen

-----Original Message-----
From: Al.Wever () alticor com [mailto:Al.Wever () alticor com]
Sent: Monday, 23 September 2002 18:28
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort correctly logging to MySQL


Hello all,
I have been using Snort successfully for some time now as a backup IDS to
our primary systems.  Now that we have some free equipment I decided to
install Snort on a Win2K server as a test.  Along with that I have
installed MySQL and ACID on an IIS server to see what the performance
issues would be like.  So far I am very impressed, so impressed that I am
about to give our primary IDS a boot out the door, but... I can't.
During the testing phase I noticed the log file alert.ids was expanding
considerably.  After further investigation I have noticed that there are
alerts residing in the log file that are not in the MySQL database.  For
example, WEB-CGI phf access and WEB-MISC /etc/passwd.  Our primary IDS did
pick up on these attacks, but Snort has not transferred them into the ACID
database.
Does anyone have any thoughts as to why they were never sent to the MySQL
database?

Thanks in advance
Best regards,
Al Wever


Config info:

Snort.conf
output database: log, mysql, user=snort password=snort dbname=snort host=localhost

Used to start Snort as a service.
snort -c c:\snort\snort.conf -l c:\snort\logs -i2



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


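An added example, not part of the original posts and not Snort project code: a small Python check that lists which Snort output chains (log, alert) have the database plugin attached in a snort.conf, run on a constructed excerpt based on the directive quoted in the thread. The function names are hypothetical, and treating a bare key=value line after a directive as a wrapped continuation is an assumption.

```python
import re

# Constructed snort.conf excerpt: the directive quoted in the thread,
# wrapped onto two lines the way the mail client wrapped it.
SAMPLE_CONF = """\
# constructed sample
output database: log, mysql, user=snort password=snort dbname=snort
host=localhost
"""

# output database: <facility>, <dbtype>, <key=value ...>
DIRECTIVE = re.compile(r"^output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$", re.I)
PARAM_ONLY = re.compile(r"^\w+=\S+(\s+\w+=\S+)*$")

def _params(text):
    """Split 'user=snort host=localhost' into a dict, ignoring stray tokens."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)

def database_outputs(conf_text):
    """Return (outputs, warnings) for every 'output database:' directive."""
    conf_text = re.sub(r"\\\r?\n", " ", conf_text)  # honour backslash continuations
    outputs, warnings, last = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            last = {"facility": m.group(1).lower(), "dbtype": m.group(2).lower(),
                    "params": _params(m.group(3))}
            outputs.append(last)
        elif last is not None and PARAM_ONLY.match(line):
            # Assumption: a bare key=value line right after a directive is a
            # wrapped continuation that belongs on the directive's own line.
            last["params"].update(_params(line))
            warnings.append(f"'{line}' is on its own line; join it to the directive above")
        else:
            last = None
    return outputs, warnings

def missing_facilities(outputs):
    """Facilities (log, alert) with no database plugin attached."""
    return sorted({"log", "alert"} - {o["facility"] for o in outputs})

if __name__ == "__main__":
    outs, warns = database_outputs(SAMPLE_CONF)
    for o in outs:
        print(f"database plugin on '{o['facility']}' chain -> {o['dbtype']} @ {o['params'].get('host')}")
    for w in warns:
        print("warning:", w)
    print("no database output for:", missing_facilities(outs) or "none")
```
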
