RE: How to log on MySql

["Michael Steele" <michaels () winsnort com>]

Can you tell me why you are using the -de and -A switches?

To start off try removing the optional switches above and then try running
Snort again. If that works then add the switches in until Snort quits.

Remove the detail= switch in the output database line.

If you don't care about the actual alert.ids log file them I think you can
just omit the -l <path to log folder>

If you are new to Snort you should be setting up the basics first then start
adding additional switches.

Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician     
 mailto:michaels () winsnort com    
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

> -----Original Message-----
> From: snort-users-admin () lists sourceforge net [mailto:snort-users-
> admin () lists sourceforge net] On Behalf Of Snort
> Sent: Friday, November 21, 2003 7:23 AM
> To: Damiano Bolzoni
> Cc: Snort-users () lists sourceforge net
> Subject: RE: [Snort-users] How to log on MySql
>
> Check your snort_output.log file and see if there are any errors.
>
> -----Original Message-----
> From: Damiano Bolzoni [mailto:damiano.bolzoni () tin it]
> Posted At: Friday, November 21, 2003 6:00 AM
> Posted To: Snort
> Conversation: [Snort-users] How to log on MySql
> Subject: [Snort-users] How to log on MySql
>
> Hi all,
> I've installed Snort on Windows XP and EasyPHP in order to log on MySql
> and
> use Acid. I've modified "snort.conf" in order to log alerts on Mysql:
>
> output database: log, mysql, user=snortusr password=snortusr
> dbname=snort
> host=127.0.0.1 port=3306 detail=full
>
> output database: alert, mysql, user=snortusr password=snortusr
> dbname=snort
> host=127.0.0.1 port=3306 detail=full
>
> then I execute snort with these paramaters:
>
> snort -de -c C:\Ids\Snort\etc\snort.conf -l C:\Ids\Snort\log -A full
>
> but it only logs in "log" directory...I've verified that user "snortusr"
> has
> priviliges to access and modify database "snort".
>
> What's wrong?!?
>
> Thanx!
>
> Damiano
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?  SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?  SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users