Snort mailing list archives

RE: Snort Sensors + logging to MSSQL


From: "Michael Steele" <michaels () silicondefense com>
Date: Thu, 16 Jan 2003 08:49:10 -0800

Shree,

I wouldn't think it would matter to Snort where you log to as long as the
correct criteria are met:

1) Snort for MSSQL logging is used
2) In snort.conf the output database line is configured properly
3) Proper schema for the database has been set up on your remote MSSQL
database
4) Snort has an unobstructed path to the database
5) Snort runs without any errors.

I think this is all that is required.

-Michael
-- 
 Michael Steele | System Engineer / Support Technician     
 mailto:michaels () silicondefense com    
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org
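
Added example, not part of the original messages and not Snort project code: a Python check for two items on the checklist above, the `output database` line in snort.conf and the network path from the sensor to the database. It assumes the Snort 2.x syntax `output database: <log|alert>, <type>, <parameters>`; the sample configuration, its address and credentials are constructed, `host=` is treated as required because the database in this thread is remote, and the default ports are the products' usual listener ports.

```python
import re
import socket

# Database types accepted by the Snort 2.x "output database" plugin.
DB_TYPES = {"mysql", "postgresql", "odbc", "mssql", "oracle"}
DEFAULT_PORTS = {"mssql": 1433, "mysql": 3306, "postgresql": 5432, "oracle": 1521}
LINE_RE = re.compile(r"^\s*output\s+database\s*:\s*(.+)$")

# Constructed sample: one commented-out line, one complete, one incomplete.
SAMPLE_CONF = """\
# output database: log, mysql, user=root password=test dbname=db host=localhost
output database: log, mssql, dbname=snort user=snort password=CHANGEME host=192.0.2.10
output database: alert, mssql, user=snort password=CHANGEME
"""

def parse_output_database(conf_text):
    """Return one dict per active (uncommented) 'output database' line."""
    entries = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = [f.strip() for f in m.group(1).split(",", 2)]
        fields += [""] * (3 - len(fields))
        params = dict(p.split("=", 1) for p in fields[2].split() if "=" in p)
        entries.append({"line": lineno, "facility": fields[0],
                        "dbtype": fields[1], "params": params})
    return entries

def check_entry(entry):
    """List what is missing or wrong before Snort can reach the database."""
    problems, p = [], entry["params"]
    if entry["facility"] not in ("log", "alert"):
        problems.append("facility must be 'log' or 'alert'")
    if entry["dbtype"] not in DB_TYPES:
        problems.append("unknown database type %r" % entry["dbtype"])
    for key in ("dbname", "user", "host"):
        if key not in p:
            problems.append("missing %s=" % key)
    if "port" in p and not p["port"].isdigit():
        problems.append("port is not numeric")
    return problems

def db_reachable(entry, timeout=3.0):
    """TCP connect test from the sensor to the database listener."""
    p = entry["params"]
    port = int(p.get("port") or DEFAULT_PORTS.get(entry["dbtype"], 0))
    try:
        with socket.create_connection((p["host"], port), timeout=timeout):
            return True
    except OSError:
        return False
```

Run `db_reachable` on the sensor itself, since a firewall between the Linux sensor and the Windows database host is what the "unobstructed path" item is about.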

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of shreerang
vaidya
Sent: Thursday, January 16, 2003 4:43 AM
To: emechler () techometer net
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Sensors + logging to MSSQL

Thank you for the response,

Let me be a bit more clear about what I am trying to describe.

I am trying to / have configured snort to log on to the MSSQL server which
sits on a Windows system. The DB has been configured with the proper schema.

The only problem area is to get snort (residing on the Linux machine) to log
data/events to the Windows MS SQL server.

I essentially am looking for some kind of bridge to get snort to log data to
the MS SQL server.

I guess this info should be good enough.

Let me know if you have a solution.

Cheers,
Shree.




---------- Original Message ----------------------------------
From: Erick Mechler <emechler () techometer net>
Date: Wed, 15 Jan 2003 10:34:38 -0800

:: I have edited the snort.conf file to enable the necessary changes to log
:: to the MSSQL server.

:: The SQL database has been configured and the necessary database had been
:: created.

:: Do I need to run/enable anything else in order to log to the SQL server?

Nope.  In very simplistic terms:

 1. Configure snort to log to MySQL
 2. Configure your DB with the proper snort DB schema
 3. Give the "snort" user (whatever you may choose to call it) permissions 
    to write to the snort DB you configured in #2.
 4. Let 'er rip.

If you're asking why your setup doesn't work the way you expect, we're 
going to need a bit more information to go on :)

Cheers - Erick


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


