Snort mailing list archives

RE: database output plugin sensor_name parameter and ACID strangeness


From: "Che Wan Zaharudin" <azhar () essasia net>
Date: Wed, 28 Apr 2004 11:43:18 +0800



Hi,

Try this:

output database: alert, mysql, user=snort password=foo dbname=snort host=10.99.99.99 sensor_name=test_ce0


Thanks.

-----Original Message-----
From: Muntner, Adam [mailto:Adam.Muntner () pegs com] 
Sent: Wednesday, April 28, 2004 8:33 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] database output plugin sensor_name parameter and ACID strangeness

I've been doing some experimenting using multiple sensors and a single console box, and have noticed the following behavior:
 
Even if I set sensor_name in the output plugin list, it is not set in the list of sensors... rather, it will say "0.0.0.0:ce1" (the interface does not have an IP address and it is a gigabit nic interface named ce1)
 
If I go into the "sensor" table in the snort database, I can change the hostname field to whatever I like.  That works until I restart the sensor... Unfortunately, it's only persistent until I restart the Snort sensor.  Then, a new interface is added to the list named "0.0.0.0:ce1" and all the events end up attached to that sensor id.
 
Some advice would be appreciated!
 
My output line looks like:
output database: alert, mysql, dbname=snort, sensor_name=test_ce0 user=snort password=foo host=10.99.99.99

Adam Muntner, CISSP 
 
