RE: MySql and Snort

["L. Christopher Luther" <CLuther () Xybernaut com>]

Cilin,  

Please post additional information so that we can better help you.  For
example:  

o  The Snort command line you use when not sniffing (i.e., the '-v' puts
Snort in sniffer mode, not in packet logger mode).  

o  Output plugins in snort.conf  

o  etc.  


Regards, 

Christopher


-----Original Message-----
Date: Wed, 5 Feb 2003 14:51:32 -0800 (PST)
From: Cilin <cilin5 () yahoo com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] MySql and Snort

Hi, I am newbie to snort and also have the problem of
Snort not logging into the MySql database. I did the
following steps, as recommended in one of the earlier
emails but nothing helped.

1.  Created the database snort in MySQL with
appropriate permissions for users and hosts.
2.  Ran the script contrib/create_mysql in the snort
source code against the database as a user with the
correct permissions.
3.   Uncommented and supplied user, password, database
and host for the output database line for mysql in the
snort.conf file.
4.   Restarted Snort.

and still nothing
Snort does log the scans (scan.log gets updated every
time i run a scan over the network)
However i haven't gotten a single error yet.
(alert.ids is 0Kb)

when i run snort from the command line via 
"snort -v -i 1" I get:

0 dropped packages

Action stats:
Alerts: 0
Logs  : 0
Passed: 0

Wireless Stats, Fragmentation Stats, TCP Stream
Reasembly stats have ONLY '0's.

Please help, i have searched the internet and the
forums for any clues for the past 2 weeks but didn't
find anything.

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com