Snort mailing list archives

RE: snort error


From: "Zeeshan Ahmed" <zeeshan () worldcall net pk>
Date: Tue, 10 Aug 2004 12:05:27 +0500

Use the following syntax in your /etc/snort/snort.conf

 

output database: log, mysql, user=snort password=test dbname=snort host=localhost

And look for any errors in your /var/log/messages.

 

 

Regards

Zeeshan Ahmed

  _____  

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ali Nasir
Hussain
Sent: Tuesday, August 10, 2004 10:44 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort error

 

I have installed snort but all the parameters are always ZERO.

I have run the command
snort -c /etc/snort/snort.conf
and it gives me following error.
----------------------------------------------------------------------------
-------------------------------------------------------------
ERROR: Fatal Error, Quitting..

USAGE: database plugin

 output database: [log | alert], [type of database], [parameter list]

 [log | alert] selects whether the plugin will use the alert or
 log facility.

 For the first argument, you must supply the type of database.
 The possible values are mysql, postgresql, odbc, oracle and
 mssql
 The parameter list consists of key value pairs. The proper
 format is a list of key=value pairs each separated a space.

 The only parameter that is absolutely necessary is "dbname".
 All other parameters are optional but may be necessary
 depending on how you have configured your RDBMS.

 dbname - the name of the database you are connecting to

 host - the host the RDBMS is on

 port - the port number the RDBMS is listening on

 user - connect to the database as this user

 password - the password for given user

 sensor_name - specify your own name for this snort sensor. If you
        do not specify a name one will be generated automatically

 encoding - specify a data encoding type (hex, base64, or ascii)

 detail - specify a detail level (full or fast)

 ignore_bpf - specify if you want to ignore the BPF part for a sensor
              definition (yes or no, no is default)

 FOR EXAMPLE:
 The configuration I am currently using is MySQL with the database
 name of "snort". The user "snortusr@localhost" has INSERT and SELECT
 privileges on the "snort" database and does not require a password.
 The following line enables snort to log to this database.

 output database: log, mysql, dbname=snort user=snortusr host=localhost
----------------------------------------------------------------------------
--------------------------------------------------

I am using the following in snort.conf
output database:log, mysql, user=snort password=xyz dbname=snort
host=localhost

