Snort mailing list archives

RE: Snot Newb Question


From: "Shaun Gray" <SGray () medford k12 nj us>
Date: Mon, 19 Apr 2004 13:45:50 -0400

Please forgive my questions as I am very used to the M$ and Novell NOS.
Now I have uncommented that line and when I run snort -c
/etc/snort/snort.conf there is a fatal error at the end.  It says
"Undefined Variable /etc/snort/snort.conf:448". When I comment that line
out again it runs fine.  I am assuming that my path may be off a bit,
but to me it appears correct.  I have pasted below.

Thanks,

Shaun

# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
output database: log, mysql, user=snort password=password dbname=snort
host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, unixodbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test

-----Original Message-----
From: Bryan Irvine [mailto:bryan.irvine () kingcountyjournal com] 
Sent: Monday, April 19, 2004 12:57 PM
To: Shaun Gray
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snot Newb Question

this part:
###BEGIN PASTE###
# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
# output database: log, mysql, user=snort password=secret dbname=snort
host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, unixodbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
###END PASTE###

You haven't set snort to log to a database.

uncomment the appropriate line (hint: probably the first line) and
modify to match your DB.

-Bryan

On Mon, 2004-04-19 at 09:52, Shaun Gray wrote:
I'm not sure which line is the DB one so I have attached the entire
file.  Opening it via IE works.

-----Original Message-----
From: Bryan Irvine [mailto:bryan.irvine () kingcountyjournal com] 
Sent: Monday, April 19, 2004 12:07 PM
To: Shaun Gray
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snot Newb Question

could you post the database line of your snort.conf?

--Bryan

On Mon, 2004-04-19 at 08:24, Shaun Gray wrote:
Stats and alerts are showing up when I run "snort -c
/etc/snort/snort.conf".  But when I look at ACID no activity shows
up.  I have a feeling this is something very simple but, I can't put
my finger on it.  Can anyone lend some advice on this issue?

 

Thanks,

 

Shaun Gray

Network Engineer

Medford Township Board of Education

 





