Logging to MySQL from Snort (Honeywall CD)

[Christian Larsen <christian () kladd net>]

Hello.

I¹m trying to get Snort on my honeywall to log against an external
mySQL-database. I¹ve added this line to /etc/snort/snort.conf:

output database: log, mysql, user=snort_user password=*******
dbname=snort_db host=*******

I¹ve set up the mysql-server (and know it¹s working, since I¹m already
running another snort-process from a different IDS-sensor against it), and
the honeywall-logs tell me that the Snort/MySQL-handshake is completed after
Snort is restarted.

My question is then: Why isn¹t Snort sending data to the database? Snort is
running and generating regular logs in /var/log/snort/xxx/, but nothing is
sent to the external database. Port 3306 is open, but there is no traffic
going out of the honeywall-GW on it.

Thank you.

Kind regards
Christian