Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort IDS mode and mssql

From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 2 Aug 2004 23:22:27 -0400
Hi Adam,
Try adding a "-l ." switch at the command line. What alerting option are you using? You might want to try something like the syslog or "-A none" switch if you aren't using the real-time alerting stuff. 

     -Marty


On Jul 30, 2004, at 10:54 AM, Adam Maxwell wrote:


Hi, I have just installed snort on a laptop running
 
Windows 2003 Standard Server
SQL 2000 SP3a
Snort-2_2_0RC1
 
I have created a database called snort with a username "snort" and password "snort". I have created the database schema, and also created a ODBC link to the database. The snort user has db_owner rights to the database. 
 
When I use snort with the -c option i get an error saying can't write to log directory, can someone tell me the correct settings in my snort.conf file. This is what I have tried 
 
"output database: log, mssql, dbname=snort, user=snort, host=localhost password=snort" 
 
The error I get is.
 
ERROR: Can not write access to logging directory "log". (directory doesn't exist or permissions are set incorrectly or it is not a directory at all) 
 
Fatal Error, Quitting


 **********************************************************
 This e-mail, including attachments, is confidential and is
 intended for view by the addressee only.

 Any views, opinions and judgements expressed are
 solely those of the author and may not reflect those

 If you have received this message in error, or have
 concerns about the use of this account, please
 contact: postmaster () elliott-group co uk .
 For more information about The Elliott Group Ltd,
 please visit the Web site at http://www.elliott-group.co.uk

 This footnote also confirms that this e-mail message
 has been swept by MIMEsweeper for the presence of
 computer viruses.
 **********************************************************


--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: