[REPOST] Snort not loging on MySql

["Di Fresco Marco" <superdif () ciaoweb it>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,
I am re-sending this message because in the previous attempts I used
a different e-mail address from the one I using to be subscribed to
the list. So to the moderators: please disregard the previous e-mails
and forgive me.

I temporarily solved my previous problem ("Device didn't translate")
by setting in snort.conf the HOME_NET to my real IP address instead
of using (\Device\NPF_{18...3C}). At the moment Snort works, but I
have another problem.

Basically the problem is that Snort does not log on my MySql server.
I checked the archives of this ML and I also done a search on Google,
but the only two solutions I found were to try to drop the snort
database and recreate it, or to check the perimission of the snort
user to make sure it can write to the snort database; I tried both
solutions and they did not work (the implementation of the solutions
worked, but Snort still does not log).

Here my environment:
WinXP Pro. (full patched)
Snort 2.1.0
MySql 4.0.17
(all three software on the same standalone machine).

Here an extract of my snort.conf:
var HOME_NET [My IP address]
var EXTERNAL_NET !$HOME_NET
...
var SQL_SERVERS $HOME_NET
...
output database: log, mysql, user=snort@localhost
password=SNORTPASWORD dbname=snort host=localhost encoding=ascii
detail=full ignore_dbf=0
(all in one line)

For the part (of snort.conf) where all the rules are listed, I
changed the path from relative ($RULE_PATH\) to absoulute
(D:\Snort\rules\).

And here is the syntax I use to launc Snort: D:\Snort\bin\snort.exe
- -c "D:\snort\etc\snort.conf" -l "D:\snort\Log" - -A full -i 1 -I -d
- -e -X
(all in one line)

Any suggestion?

Thank in advance.



Di Fresco Marco
http://home.comcast.net/~superdif/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQIVAwUBQBtJIGFI2e+I8s0+AQKB0Q/+PfItcz4mve5ACDqvjHawvpfuV+uwd9zm
nAs2nAAPUvqD0oiw/kqqofwjvOU58p62n4ELMkUTDm7Xs7cMTqmK11ZXdbO69r1J
NHdx9H4UaXCP182z/r8WwHOPhqzvFCUAMz6eGcP8JdHgxQW7NatO/dOeodCbvCzC
4IhRF1tG/gQ985ktbwpLBw/jUokiK9MySZMq8QXz2znk2TEVcqPiZkVHFbRQqSow
93usOIl0azE9NagYSt9GN5KAGSgIUF91VOcRPUhVLY7nDAK43/sD5Ual4CmikXfl
m27wJGb4gGLfpzhKyDkMfTB6d9w/Drn53MFVGosAFkD6NDD2h+vajmo9sr10qgQH
3qUaTuaDmcAUirsIoNF8FXbJ+uLUMKelZDdr0fjcAaU1LibmIanO83fw2aR9+xDd
2pTmLWrgGi8nE8ZFFPLRIUcfycOfBmkIx8VRx5mj7c8DqUy46kwXfB/wfedLe9px
f1nuKjkjc3K/D83wIUvfDBxAkqkOkRdlMzgRicA9CRlpLGdoXCVY+dSGD9Ondejj
7WZ05H3e+KVgB9un/RzwiSG8+csdbr5hqXJFfeYB3/JaXA9AvjhxRotft5/4vL8z
otMhtk6c3gsAMRet9CaWMWBs85QE8QRaYbnW7bOegKItop5yUV6qUhxv4pLZD1pV
k9fFhHUIYT4=
=OHzN
-----END PGP SIGNATURE-----



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users