Snort mailing list archives
RE: Snot Newb Question
From: Mark Fagan <r00t () online ie>
Date: Mon, 19 Apr 2004 19:55:38 +0100
Shaun, You would probably want to keep your DB connection string on a single line or at least continue the string on the next line. output database:log,mysql,user=snort password=password dbname=snort host=snort If you still have issues please send me the output of: snort -vde -i eth0 (Assuming you are running Snort on Eth0) Offlist !! Cheers Mark Quoting Shaun Gray <SGray () medford k12 nj us>:
Please forgive my questions as I am very used to the M$ and Novell NOS. Now I have uncommented that line and when I run snort -c /etc/snort/snort.conf there is a fatal error at the end. It says "Undefined Variable /etc/snort/snort.conf:448". When I comment that line out again it runs fine. I am assuming that my path may be off a bit, but too me it appears correct. I have pasted below. Thanks, Shaun # database: log to a variety of databases # --------------------------------------- # See the README.database file for more information about configuring # and using this plugin. # output database: log, mysql, user=3Dsnort password=3Dpassword = dbname=3Dsnort host=3Dlocalhost # output database: alert, postgresql, user=3Dsnort dbname=3Dsnort # output database: log, unixodbc, user=3Dsnort dbname=3Dsnort # output database: log, mssql, dbname=3Dsnort user=3Dsnort = password=3Dtest -----Original Message----- From: Bryan Irvine [mailto:bryan.irvine () kingcountyjournal com]=20 Sent: Monday, April 19, 2004 12:57 PM To: Shaun Gray Cc: snort-users () lists sourceforge net Subject: RE: [Snort-users] Snot Newb Question this part: ###BEGIN PASTE### # database: log to a variety of databases # --------------------------------------- # See the README.database file for more information about configuring # and using this plugin. # # output database: log, mysql, user=3Dsnort password=3Dsecret = dbname=3Dsnort host=3Dlocalhost # output database: alert, postgresql, user=3Dsnort dbname=3Dsnort # output database: log, unixodbc, user=3Dsnort dbname=3Dsnort # output database: log, mssql, dbname=3Dsnort user=3Dsnort = password=3Dtest ###END PASTE### You havn't set snort to log to a database. uncomment the appropriate line (hint: probably the first line) and modify to match your DB. -Bryan On Mon, 2004-04-19 at 09:52, Shaun Gray wrote:I'm not sure which line is the DB one so I have attached the entire file. Opening it via IE works. =20 -----Original Message----- From: Bryan Irvine [mailto:bryan.irvine () kingcountyjournal com]=20 Sent: Monday, April 19, 2004 12:07 PM To: Shaun Gray Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Snot Newb Question =20 could you post the database line of your snort.conf? =20 --Bryan =20 On Mon, 2004-04-19 at 08:24, Shaun Gray wrote:Stats and alerts are showing up when I run "snort -c /etc/snort/snort.conf". But when I look at ACID no activity shows up. I have a feeling this is something very simple but, I can't put my finger on it. Can anyone lend some advice on this issue? =20 =20 =20 Thanks, =20 =20 =20 Shaun Gray =20 Network Engineer =20 Medford Township Board of Education =20 =20 =20 =20=20------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snot Newb Question Shaun Gray (Apr 19)
- Re: Snot Newb Question Bryan Irvine (Apr 19)
- <Possible follow-ups>
- RE: Snot Newb Question Shaun Gray (Apr 19)
- RE: Snot Newb Question Bryan Irvine (Apr 19)
- RE: Snot Newb Question Bryan Irvine (Apr 19)
- RE: Snot Newb Question Bryan Irvine (Apr 19)
- RE: Snot Newb Question Shaun Gray (Apr 19)
- RE: Snot Newb Question Bryan Irvine (Apr 19)
- RE: Snot Newb Question Mark Fagan (Apr 19)
- RE: Snot Newb Question Harper, Patrick (Apr 19)
- RE: Snot Newb Question Shaun Gray (Apr 19)
- RE: Snot Newb Question Randy Walinga (Apr 19)
- RE: Snot Newb Question Harper, Patrick (Apr 19)
- RE: Snot Newb Question Harper, Patrick (Apr 19)