Snort mailing list archives
RE: No Activity Occurring on ACID
From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 23 Jul 2004 09:37:26 -0500
--On Friday, July 23, 2004 07:26:54 AM -0400 "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG> wrote:
I have MySQL installed on the system, and have configured the snort.conf file with the following line: output database: log, mysql, user=snort password=XXXXXX dbname=snort host=127.0.0.1 port=3306 sensor_name=rosnort Snort is started at boot time via the /etc/init.d/snort script. Additionally, I have started snort manually with the following command syntax: /usr/local/bin/snort -A full -i eth0 -c /etc/snort/snort.conf -v
What do you see in /var/log/messages when snort is started up?
I did a check of the snort database to see if anything is being logged there. When I run the select count (*) from event; command I get 0 which would appear to indicate the data is not being posted into the database. If that is the case, does that mean there is a permissions issue at work here, or something else?
That's correct. Nothing is being logged to the db.
Yes, but did you login to the db using the same *user* and pass that snort is trying to us? mysql -u user -pFYI: To access the mysql database I ran the following command: /usr/local/mysql/bin/mysql -p and provided the password.
Note you can also run "snort -T" to run snort and test everything. (It will use the conf file if it's in the default location. Yours appears to be.) This will print to stdout, so you can pipe it through less and read the output.
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- No Activity Occurring on ACID Kaplan, Andrew H. (Jul 22)
- Re: No Activity Occurring on ACID Paul Schmehl (Jul 22)
- <Possible follow-ups>
- RE: No Activity Occurring on ACID Harper, Patrick (Jul 22)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
- RE: No Activity Occurring on ACID Paul Schmehl (Jul 23)
- RE: No Activity Occurring on ACID Harper, Patrick (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
- RE: No Activity Occurring on ACID Paul Schmehl (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)