RE: Snort - Fatal Error

["Shankar" <list () zeeaccess com>]

On Monday, July 26, 2004 4:52 PM prabu wrote:
> To: Shankar; Snort-Users
> Subject: Re: [Snort-users] Snort - Fatal Error
> Hello Shankar,
>      First tell about your database configuration.I guess that u might
have
> not commented the (/etc/snort/snort.conf:453 line,since it is used for
> enabling log alerts to syslog.U should comment this line,if u want to
enable
> the databes loggging,since that line of the config file specifies to alert
> the output of logs to syslog.

> if u r using databes logging ,then ur snort.conf should have line as,
> for example,output database: log, mysql, dbname=snort user=root
> host=localhost password=kovai


dear prabu,

Thx for the mail/help. My database configuration is as below
output database: log, mysql, user=snort password=mypassword dbname=snort
host=localhost
i use user snort instead of root.

# mysql -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 26 to server version: 3.23.58

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)

mysql> use snort
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| acid_ag          |
| acid_ag_alert    |
| acid_event       |
| acid_ip_cache    |
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
23 rows in set (0.00 sec)

mysql>


If i comment the Output line and type #snort -c /etc/snort/snort.conf then
process hangs here and i dont get my
# prompt back need to break it(ctrl^c)
   --== Initialization Complete ==--

-*> Snort! <*-
Version 2.1.3 (Build 27)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

thx in advance for ur mail/help.

Regards,
Shankar.





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users