Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: sql and acid

From: "Hutchinson, Andrew" <Andrew.Hutchinson () Vanderbilt edu>
Date: Tue, 11 Feb 2003 12:56:36 -0600
1.> Your command line output option (-A fast) overrides your output line
in your snort.conf file.  As such, I must ask question #2 ...
2.> What does your snort.conf output line look like?  You'll never log
to the database if you haven't set up the snort.conf file correctly.

Andrew Hutchinson
Vanderbilt University Medical Center
Informatics / NCS / Network Security
(615) 936-2856

-----Original Message-----
From: tanis () knology net [mailto:tanis () knology net] 
Sent: Tuesday, February 11, 2003 12:27 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] sql and acid


ok let me try to explain this so I can get some kind of sleep. I set up 
snort on my Redhat 8.0 box. I installed MySql and ACID. Now I have a 
database that says snort. I am using Webmin to look at my snort DBase.
Now 
I open all the tables and there is no data. I used the script it calls
for 
in the pdf at snort.org for sql and Acid for 7.3. I have followed the 
directions to the T. Nothing. my user for the DBase is root. Not smart I

know but I want to keep it simple till I no for sure I can run this
right. 
ok so here is my snortd script.

# INTERFACE=eth1

# See how we were called.
# case "$1" in
# start)
# echo -n "Starting snort: "
# cd /var/log/snort
#  daemon /usr/sbin/snort -A fast -b -l /var/log/snort -d -D \
#     -i $INTERFACE -c /etc/snort/snort.conf
# touch /var/lock/subsys/snort
# echo

this is not commented out in the script. it is just for this email.

can someone send me a copy of there snortd script that is working with 
Mysql? because if snort is not populating the tables I can not get any
data from ACID. Is this right?

Tanis 



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: