Snort mailing list archives

RE: (no subject)

From: Robin Johnson <Rob.Johnson () dxi net>
Date: Fri, 30 May 2003 15:12:19 +0100

this is what im getting from 127.0.0.1/acid_main.php
Added 0 alert(s) to the Alert cache

Queried on : Fri May 30, 2003 15:08:37
Database: snort@localhost    (schema version: 0) 
Time window: no alerts detected Sensors: 0 
Unique Alerts: 0
Total Number of Alerts: 0
Source IP addresses: 0
Dest. IP addresses: 0
Unique IP links 0

Source Ports: 0
TCP ( 0)  UDP ( 0)
Dest. Ports: 0
TCP ( 0)  UDP ( 0)
 Traffic Profile by ProtocolTCP (0%)  
    
UDP (0%)  
    
ICMP (0%)  
    


----------------------------------------------------------------------------
----

Portscan Traffic (0%)   
    
 



Search 
Graph Alert data (EXPERIMENTAL) 

Snapshot Most recent Alerts: any protocol, TCP, UDP, ICMP 
Today's: alerts unique, listing; IP src / dst 
Last 24 Hours: alerts unique, listing; IP src / dst 
Last 72 Hours: alerts unique, listing; IP src / dst 
Most recent 15 Unique Alerts 

Last Source Ports: any , TCP , UDP 
Last Destination Ports: any , TCP , UDP 
 Most frequent 5 Alerts 

Most Frequent Source Ports: any , TCP , UDP 
Most Frequent Destination Ports: any , TCP , UDP 

Most frequent 15 addresses: source, destina 

-----Original Message-----
From: Robin Johnson 
Sent: 30 May 2003 15:11
To: 'Patrick S. Harper'; Robin Johnson
Cc: 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] (no subject)


Yep
In my snort.conf I have this entry
output database: log, mysql, dbname=snort user=snort host=localhost
password=abc

In the sql database I have the following
+-----------------+
| Tables_in_snort |
+-----------------+
| acid_ag         |
| acid_ag_alert   |
| acid_event      |
| acid_ip_cache   |
| event           |
| icmphdr         |
| iphdr           |
| sensor          |
| snort           |
| tcphdr          |
| udphdr          |
+-----------------+

When I run snort from the command line to /var/log/snort it works everytime!
but cant get it to log to the database
any ideas??




-----Original Message-----
From: Patrick S. Harper [mailto:lists () internetsecurityguru com]
Sent: 30 May 2003 06:02
To: Robin Johnson
Cc: 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] (no subject)


http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.7
http://www.snort.org/docs/faq.html#6.15

Did you compile with any options for databases?

check your snort.conf file


On Thu, 2003-05-29 at 05:42, Robin Johnson wrote:

Hi ,
excuse my ignorance but perhaps someone can help me!
new to the mailing list and first time in building snort2 with ACID on
Mandrake 9.1. running latest version of mysql and php.
My question is does any one know how to get snort to stop logging
locally and actually put the data into the mysql database so when acid
queries the database it gets back useful information
 
cheers
Rob



-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RE: (no subject), (continued)
- - RE: (no subject) Don Weber (Apr 08)
- RE: (no subject) Slighter, Tim (Apr 09)
- (no subject) Cory D. (Apr 09)
- (no subject) KD Rajkumar (Apr 13)
- RE: (no subject) Ryan Finnesey (Apr 13)
- (no subject) John Sage (Apr 14)
- (no subject) Robin Johnson (May 29)
  - Re: (no subject) Erick Mechler (May 29)
  - Re: (no subject) Patrick S. Harper (May 29)
- RE: (no subject) Robin Johnson (May 30)
- RE: (no subject) Robin Johnson (May 30)
  - RE: (no subject) Brian Gregorcy (May 30)
- (no subject) snrt (Jun 24)
  - Re: (no subject) James Nonya (Jun 24)
- (no subject) Juergen Anthamatten (Jun 25)