Snort mailing list archives
Using ACID AND SnortSnarf - How?
From: "Ralf Henze " <Ralf-Chr.Henze () alumni TU-Berlin DE>
Date: Thu, 11 Dec 2003 22:14:39 +0100
Hi,
I would like to use ACID with MySQL and SnortSnarf.
But when I run snort I have success in just one way:
1. /usr/local/bin/snort -i ppp0 -i eth1 -i eth0 -c /etc/snort/snort.conf -l /var/log/snort/ \
-A full -u ids -g ids -o -D
-A full: snort logs to file /var/log/snort/alert
and I can use SnortSnarf, but there is no logging to the MySQL database
2. The same as under 1. but without "-A full / fast"
snort is logging to MySQL but there is no more output to /var/log/snort/alert and
therefore I can't use SnortSnarf
The binary output configured in snort.conf:
output alert_unified: filename /var/log/snarf/alert, limit 128
output log_unified: filename /var/log/snarf/snort.log, limit 128
is not readable by the Perl script "snortsnarf.pl"
Any help?
Thanks
Ralf
---
Ralf-Chr.Henze
email: Ralf-Chr.Henze () alumni TU-Berlin De
