Snort mailing list archives

RE: No Activity Occurring on ACID

From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 23 Jul 2004 09:37:26 -0500

--On Friday, July 23, 2004 07:26:54 AM -0400 "Kaplan, Andrew H."<AHKAPLAN () PARTNERS ORG> wrote:

I have MySQL installed on the system, and have configured the snort.conf
file with the following line:

output database: log, mysql, user=snort password=XXXXXX dbname=snort
host=127.0.0.1 port=3306 sensor_name=rosnort

Snort is started at boot time via the /etc/init.d/snort script.
Additionally, I have started snort manually with
the following command syntax:

/usr/local/bin/snort -A full -i eth0 -c /etc/snort/snort.conf -v

What do you see in /var/log/messages when snort is started up?

I did a check of the snort database to see if anything is being logged
there. When I run the select count (*) from event;
command I get 0 which would appear to indicate the data is not being
posted into the database. If that is the case, does
that mean there is a permissions issue at work here, or something else?

That's correct.  Nothing is being logged to the db.

FYI: To access the mysql database I ran the following command:
/usr/local/mysql/bin/mysql -p and provided the password.

Yes, but did you login to the db using the same *user* and pass that snortis trying to us? mysql -u user -p

Note you can also run "snort -T" to run snort and test everything. (Itwill use the conf file if it's in the default location. Yours appears tobe.) This will print to stdout, so you can pipe it through less and readthe output.


Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

No Activity Occurring on ACID Kaplan, Andrew H. (Jul 22)
- Re: No Activity Occurring on ACID Paul Schmehl (Jul 22)
- <Possible follow-ups>
- RE: No Activity Occurring on ACID Harper, Patrick (Jul 22)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
  - RE: No Activity Occurring on ACID Paul Schmehl (Jul 23)
- RE: No Activity Occurring on ACID Harper, Patrick (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)
  - RE: No Activity Occurring on ACID Paul Schmehl (Jul 23)
- RE: No Activity Occurring on ACID Kaplan, Andrew H. (Jul 23)