Snort mailing list archives

RE: Snort 2.x does not logs into MySQL


From: "Michael Steele" <michaels () winsnort com>
Date: Fri, 29 Oct 2004 20:23:48 -0700

There needs to be something that will trigger an alert in order for there to
be something in there.

Try adding these to a file called test.rules and edit your snort.conf to
load the new rule set:

alert icmp any any -> any any
alert tcp any any -> any any

Then add a -o to your snort run line.

Then restart Snort and do some browsing of the web and you should get a LOT
of alerts.

You can do a tcp dump of port 3306 on your MySQL server to see if there are
any alerts getting through.

Kindest regards, 
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org
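
Added example (not part of the message above and not taken from the Snort distribution): the two configuration pieces the reply describes, written out for Snort 2.x. It assumes test.rules sits in the same directory as snort.conf; the database user, password, dbname and host are placeholders, and the msg text and sid values are constructed so the test rows are easy to pick out in the database.

```conf
# --- test.rules (constructed; file name taken from the message above) ---
# Same catch-all rule headers as in the message, with msg and sid options
# added so the resulting rows are identifiable in the database.
# SIDs 1000001 and 1000002 are arbitrary picks from the local-use range.
alert icmp any any -> any any (msg:"TEST catch-all ICMP"; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"TEST catch-all TCP"; sid:1000002; rev:1;)

# --- snort.conf additions ---
# Database output plugin. user, password, dbname and host are placeholders;
# they must match the account and schema created on the MySQL server.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost

# Load the test rule set (assumed to be in the same directory as snort.conf).
include test.rules
```

Remove both test rules once rows show up in the database: they fire on every ICMP and TCP packet and will fill the event tables quickly.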


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Esler, Joel - Contractor
Sent: Friday, October 29, 2004 11:47 AM
To: linux2003; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 2.x does not logs into MySQL

Do you have the ICF enabled on your SP2 WinXP machine?

J

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of linux2003
Sent: Tuesday, October 26, 2004 12:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort 2.x does not logs into MySQL


Hi everyone,

I have set up Snort w/MySQL on a Windows XP SP2 machine with no problem.
However, when I run Snort, no logs are logged into the database.
The database settings as well as the conf file look fine and OK.

Any idea what I am missing here?

---
Running in packet dump mode
Log directory = log

Initializing Network Interface \Device\NPF_{1689EEEC-0514-41E1-BFCF-F172473E95C0}

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{1689EEEC-0514-41E1-BFCF-F172473E95C0}

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.2.0-ODBC-MySQL-FlexRESP-WIN32 (Build 30)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8 - 2.x WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)

Snort sucessfully loaded all rules and checked all rule chains!
Snort exiting
--------------
No logs in MySQL at all ...

Thanks for your input,
Roman



-------------------------------------------------------
This Newsletter Sponsored by: Macrovision
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate
today. http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

