Snort mailing list archives
Re: postgresql
From: Bryan Irvine <bryan.irvine () kingcountyjournal com>
Date: 02 Jul 2003 12:10:28 -0700
It's logging to postgres *yay*

Thank you!

--Bryan

On Wed, 2003-07-02 at 11:57, Bryan Irvine wrote:

I ran this command (with my variables replaced for yours) and got an error that postgres wasn't even compiled in!! eek! *Do'h!*

I did a recompile --with-postgresql and now it doesn't come back with any errors. I see these at start time

#######################
database: compiled support for ( postgresql )
database: configured to use postgresql
database: user = admin
database: password is set
database: database name = snort
database: host = monitor.horvitznewspapers.net
database: sensor name = 192.233.103.186
database: sensor id = 1
database: schema version = 106
database: using the "log" facility
#######################

*yay* I have it running now, I will check back shortly to see if the db is populating.

--Bryan

On Wed, 2003-07-02 at 11:29, Jason K. Boykin wrote:

I'm using

/usr/local/bin/snort -u snort -o -b -l /var/log/snort -d -D -i $INTERFACE -c /etc/snort/snort.conf

Although I'm logging it to localhost.

snort.conf

Under alert_syslog: I've got

output alert_fast: alert

You could specify full here.

Under database: I'm using

output database: alert, postgresql, dbname=snort user=snort password=xxx host=localhost port=5432

Try changing host to the IP you're wanting to log to, and the rest of the info needs to be correct.

Here is a snippet from pg_hba.conf that you will need to modify to allow your snort machine to log to the database machine, but it sounds like you already did this.

# Put your actual configuration here
# ----------------------------------
# This default configuration allows any local user to connect as any
# PostgreSQL username, over either UNIX domain sockets or IP:
local all trust
host all 127.0.0.1 255.255.255.255 trust

Hope this helps!

On Wednesday 02 July 2003 12:36 pm, Bryan Irvine wrote:

I'm trying to do remote logging with a postgresql db. I've configured postgres, and can log in remotely, all the tables have been created (via the create_postgresql script), I can log in and run sql commands but can't figure out how to get snort to log to it.

I've tried

output database: alert, mysql, user=username dbname=snort host=hostname
output database: log, mysql, user=username dbname=snort host=hostname
output database: alert, mysql, user=username password=password \
    dbname=snort host=hostname

The snort command I'm running is

snort -i xl1 -A FULL -c /usr/local/share/snort/snort.conf -l /var/www/htdocs/snort/xl1

I've tried without the -l option (thinking maybe it can't log to a directory and db at the same time) but then I get an error that /var/snortsomething doesn't exist.

Any ideas? This seems like I'm so close...

--Bryan

-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
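Added example, not part of the original thread or of Snort/PostgreSQL: a small audit of pg_hba.conf records like the ones quoted above, flagging every record that uses the `trust` method and separating loopback-only entries from ones that would let a remote sensor host connect with no password. The function name `audit_pg_hba`, the severity labels and the 192.0.2.10 sensor address are assumptions made for illustration; the parser covers `IP MASK` and `IP/len` address forms only.

```python
import ipaddress

# Tokens used to find the auth-method field in both the old record layout
# shown in the thread (no USER column) and the later one that has it.
METHODS = {"trust", "reject", "md5", "password", "crypt", "ident", "peer",
           "krb4", "krb5", "pam", "scram-sha-256"}

def audit_pg_hba(text):
    """Return (line_no, severity, record) for every record using 'trust'."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if not f or f[0] not in ("local", "host", "hostssl", "hostnossl"):
            continue
        # The method is the first known method name after TYPE and DATABASE.
        idx = next((i for i in range(2, len(f)) if f[i] in METHODS), None)
        if idx is None or f[idx] != "trust":
            continue
        record = " ".join(f)
        if f[0] == "local":
            findings.append((no, "local-trust", record))
            continue
        # The address sits just before the method: "IP MASK" or "IP/len".
        addr = f[idx - 1] if "/" in f[idx - 1] else f"{f[idx - 2]}/{f[idx - 1]}"
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            findings.append((no, "trust-unparsed-address", record))
            continue
        severity = "loopback-trust" if net.is_loopback else "remote-trust"
        findings.append((no, severity, record))
    return findings

# Constructed sample: the two records quoted in the thread, plus two
# hypothetical records for a remote sensor at 192.0.2.10 (documentation range).
SAMPLE = """\
local all trust
host all 127.0.0.1 255.255.255.255 trust
host snort 192.0.2.10 255.255.255.255 trust
host snort 192.0.2.10 255.255.255.255 md5
"""

if __name__ == "__main__":
    for no, severity, record in audit_pg_hba(SAMPLE):
        print(f"line {no}: {severity}: {record}")
```

A `remote-trust` finding is the one to fix first when opening the database to a sensor: a password-checking method such as `md5` on that record pairs with the `password=` field of the Snort `output database:` line.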
Current thread:
- postgresql Bryan Irvine (Jul 02)
- Re: postgresql Jason K. Boykin (Jul 02)
- Re: postgresql Bryan Irvine (Jul 02)
- Re: postgresql Bryan Irvine (Jul 02)
- Re: postgresql Bryan Irvine (Jul 02)
- Re: postgresql Jason K. Boykin (Jul 03)
- Re: postgresql Bryan Irvine (Jul 03)
- Re: postgresql Bryan Irvine (Jul 02)
- Re: postgresql Jason K. Boykin (Jul 02)
- Re: postgresql Jason K. Boykin (Jul 02)