Snort mailing list archives

Re: (no subject)


From: "M. Shirk" <shirkdog_list () hotmail com>
Date: Mon, 01 Aug 2005 17:02:31 -0400

That was a fuxor of language :-)

> Is the output getting to the DB you defined??

What current analysis tool are you using? ACID/BASE/SnortSnarf (and others)

You can just connect to the DB and run SQL queries to find the last entry in the DB.

Shirkdog
http://www.shirkdog.us



From: Jason Benway <benwaynet () gmail com>
Reply-To: Jason Benway <benwaynet () gmail com>
To: "M. Shirk" <shirkdog_list () hotmail com>
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] (no subject)
Date: Mon, 1 Aug 2005 15:23:53 -0400

That is the only output command I have in my config.

What do you mean by "Is the output getting the DB you defined??"

I have old data in the database from before I upgraded.

Is there an easy way I could dump all the data from the database so I
can see if any new data is being written to the database?

I'm running snort from the snortd daemon, so I'm not sure what
commands are being passed.

jb

On 8/1/05, M. Shirk <shirkdog_list () hotmail com> wrote:
> Do you have any other output plugins specified?
>
> Is the output getting the DB you defined??
>
> (one more for question)
> What command-line args are you passing to snort?
>
> Shirkdog
> http://www.shirkdog.us
>
>
>
> >From: Jason Benway <benwaynet () gmail com>
> >Reply-To: Jason Benway <benwaynet () gmail com>
> >To: snort-users () lists sourceforge net
> >Subject: [Snort-users] (no subject)
> >Date: Mon, 1 Aug 2005 14:55:30 -0400
> >
> >I'm running snort 2.3.3.
> >
> >Since I started using the snort.conf from version 2.3.3, it seems
> >like snort is only writing to the log files. My config looks like
> >this:
> >
> >output database: log, mysql, user=snort password=**********
> >dbname=snort host=localhost sensor_name=grand_haven
> >
> >my /var/log/snort/eth0
> >and
> >/var/log/snort/eth1
> >are full of log files.
> >
> >thanks,jb
> >
> >
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users () lists sourceforge net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
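
The check suggested in the reply at the top of this message (connect to the DB and query for the last entry), written out as an added example that is not from either poster. It assumes the stock Snort MySQL schema (tables `sensor`, `event`, `signature`), the `dbname=snort` from the quoted config, and a placeholder cut-off time that you replace with the moment the 2.3.3 snort.conf went into service.

```sql
-- Added example: is the "output database" plugin still writing events?
-- Assumes the stock Snort MySQL schema; table and column names below are
-- from that schema, not from the thread.
USE snort;  -- dbname from the output line quoted in the thread

-- Placeholder value: set this to when the 2.3.3 snort.conf went live.
SET @upgrade_time = '2005-08-01 00:00:00';

-- 1. Per sensor/interface: newest stored event, and how many events
--    arrived after the cut-off. Old rows from before the upgrade do not
--    hide the answer, because only rows past the cut-off are counted.
SELECT s.sid,
       s.hostname,                 -- assumed to carry sensor_name when set
       s.interface,                -- e.g. eth0 / eth1
       s.last_cid,                 -- last event id recorded for the sensor
       MAX(e.timestamp)                                  AS newest_event,
       COUNT(e.cid)                                      AS total_events,
       COALESCE(SUM(e.timestamp >= @upgrade_time), 0)    AS events_since_upgrade
FROM sensor AS s
LEFT JOIN event AS e ON e.sid = s.sid   -- LEFT JOIN keeps sensors with no events
GROUP BY s.sid, s.hostname, s.interface, s.last_cid
ORDER BY newest_event DESC;

-- 2. The ten most recent events with their rule names, to confirm that
--    the newest rows are real alerts and not leftovers.
SELECT e.sid,
       e.cid,
       e.timestamp,
       sig.sig_name
FROM event AS e
JOIN signature AS sig ON sig.sig_id = e.signature
ORDER BY e.timestamp DESC
LIMIT 10;
```

If `events_since_upgrade` is 0 for every row and `newest_event` predates the cut-off, nothing new has reached the database since the config change.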
