Re: snort ?> mysql

[Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>]

Hi,

Are you connecting to localhost or the remote one?

If it is a remote host you can try "netstat -nap" to see
if Snort is connecting. You should see something like this:

tcp 0 0 172.16.0.1:38641  172.16.0.254:3306   ESTABLISHED -

Run Snort with the "-T" switch:

snort -c /etc/snort.conf -i eth0 -T

and post the results here...

Regards,

Edin


Roger Brown wrote:
> Nothing in the logs that stands out to me - since snort is starting
> up ok I'm not sure what to be looking for.
>
>
> > > > Ralf Spenneberg <lists () spenneberg org> 08/15/03 01:00AM >>>
>
> Am Fre, 2003-08-15 um 01.08 schrieb Roger Brown:
>
> > From the snort box I did a > mysql -u snort -p --host=10.10.10.10
> >  and it connected ok
> >
> > From the mysql database server I did a $ echo "SELECT count(*) FROM
> >  event" | snort -u root -p
> >
> > and got a count (*) of 0
> >
> > Below is a insert of my snort.conf file output database: log,
> > mysql, user=snort password=mypass dbname=snort host=10.10.10.10
>
> Any hint in the snort logs when starting up?
>
> Cheers,
>
> Ralf

-- 
Edin Dizdarevic



-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users