Snort mailing list archives

Re: Syslog-ng _and_ Mysql with Snort 2.0.0


From: Thomas Bechtold <thomas () jpberlin de>
Date: Thu, 19 Jun 2003 15:44:54 +0200

I tested Snort now with the following command-line options:
snort -i eth0 -U -o -c /etc/snort/conf/snort.eth0.conf -D

In my snort.eth0.conf file is the following line:
output alert_syslog: LOG_AUTH LOG_ALERT
I commented out the line with mysql, so now I only want to log to syslog-ng.
I think the problem is syslog, because mysql without syslog works. Mysql
_and_ syslog, or only syslog, doesn't work.

Syslog-ng is up and running, but it doesn't log.
Here is my syslog-ng config file:
<--------------------------------
source src {
        internal();
        unix-dgram("/dev/log");
}

//For testing log to localhost, later to remote Machine
destination localhost {
              file("/var/log/snortlog.all");
};
//Logging
log {
             source(src); destination(localhost);
};
------------------------------->

So does anyone have answers to my question of why syslog doesn't work?

Thomas Bechtold



On Thu, 19 Jun 2003, Thomas Bechtold wrote:
I start Snort in Chroot-jail and with the Parameter '-s' for Syslog.
In my snort.eth0.conf are the following lines:
output database: alert, mysql, user=xxx password=xxx dbname=snort_log
output alert_syslog: LOG_AUTH LOG_ALERT

Maybe -s on the command line overrides all other output options declared in
snort.conf.
Remove -s from the command line and keep the two output lines in snort.conf.

Does it work? (I don't know, I'm guessing)

/Martin


