Re: SNORT with mysql

[Joerg Weber <j.weber () infos de>]

Hi,

> What is the best way to test if snort works 100% with mysql (that it logs all in mysql)? 
Did you google around abit? You might find that [0] is pretty
informative, aside from the the FAQ at [1].

If you just want to know wether snort's logging into the DB and you'r
not using a web-interface (dunno why you'd do that, though),

> mysql -usnort -p -hhost
> connect snort;
> select count(1) from snort.acid_event;

assuming that snort's the name of the DB, this will count the elements
in the acid_event DB. It shouldn't be empty.

Alternatively, you can of course always tcpdump on your snorthost and
you'll see MySQL etc. traffic.

All based on the assumption that your config is right, of course.

Good luck!

[0] http://www.andrew.cmu.edu/~rdanyliw/snort/snortdb/snortdb_faq.html
[1] http://www.snort.org/docs/faq.html
-- 
Joerg Weber
Network Security

infoServe GmbH
Nell-Breuning-Allee 6
D-66115 Saarbruecken

T: (0681) 8 80 08 - 0
F: (0681) 8 80 08 - 59
www.infos.de
E: j.weber () infos de

Attachment: signature.asc
Description: This is a digitally signed message part