Snort mailing list archives
Re: MySql and Snort
From: Cilin <cilin5 () yahoo com>
Date: Fri, 7 Feb 2003 12:41:40 -0800 (PST)
Additional Info

I use:
--Windows 2000 SMP machine but have disabled one of the processors for the sole purpose of using snort
--Snort 1.9
--Latest versions of PHP, Apache and Acid
--IDScenter 1.09 BETA 2.3 (the latest vers)

--------------------------------------
The snort command line is: (as viewed from IDScenter)

C:\Program Files\Snort\snort.exe -c "C:\Program Files\Snort\snort.conf" -l "C:\Program Files\Snort\Log" -E -h www.xxx.yyy.zzz/32 -i 1

--------------------------------------
Output Plugins in snort.conf

1. output database: log, Mysql, host=www.xxx.yyy.zzz port=3306 dbname=snort user=suser password=**** detail=Full
2. output database: alert, Mysql, host=www.xxx.yyy.zzz port=3306 dbname=snort user=suser password=**** detail=Full

*I added the 2nd one after following some suggestion I saw somewhere (I am not sure if 2 plugins can use the same database though). Snort wasn't logging into mysql with the first one by itself either.

--------------------------------------
I also tried this:

-Move all rules to /etc/snort
-Change every single line in snort.conf with "include" removing path /rules. The lines should be like this:
include rpc.rules
- restart snort

I hope it should help you.

It didn't, but thanks for trying to help.

--- Cilin <cilin5 () yahoo com> wrote:
Hi,

I am a newbie to snort and also have the problem of Snort not logging into the MySql database. I did the following steps, as recommended in one of the earlier emails, but nothing helped.

1. Created the database snort in MySQL with appropriate permissions for users and hosts.
2. Ran the script contrib/create_mysql in the snort source code against the database as a user with the correct permissions.
3. Uncommented and supplied user, password, database and host for the output database line for mysql in the snort.conf file.
4. Restarted Snort.

and still nothing.

Snort does log the scans (scan.log gets updated every time I run a scan over the network). However, I haven't gotten a single error yet. (alert.ids is 0Kb)

When I run snort from the command line via "snort -v -i 1" I get:

0 dropped packages
Action stats:
Alerts: 0
Logs : 0
Passed: 0

Wireless Stats, Fragmentation Stats, TCP Stream Reassembly stats have ONLY '0's.

Please help, I have searched the internet and the forums for any clues for the past 2 weeks but didn't find anything.
Current thread:
- snort+mysql+acid Alan McCarty (Feb 04)
- Re: snort+mysql+acid Dustin Decker (Feb 04)
- <Possible follow-ups>
- RE: snort+mysql+acid Scott, Joshua (Feb 04)
- MySql and Snort Cilin (Feb 05)
- Re: MySql and Snort Anne Carasik (Feb 05)
- Re: MySql and Snort Cilin (Feb 07)
- MySql and Snort Cilin (Feb 05)