Snort mailing list archives
Can snort send alerts to the mysql database w/out ...output file?grep -i output /usr/local/etc/snort/snort.conf
From: "Jacob, Raymond A Jr" <raymond.jacob () navy mil>
Date: Sat, 11 Mar 2006 14:18:23 -0500
-----Original Message-----
From: Jason [mailto:security () brvenik com]
Sent: Thursday, March 09, 2006 15:55
To: Jacob, Raymond A Jr
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Solved Can snort send alerts to the mysql database without writing an output file?

what is the output of
grep -i output /usr/local/etc/snort/snort.conf
or can you send me your snort.conf

Jacob, Raymond A Jr wrote:
---------------------------------------------------
% grep -i output snort.conf
# 3) Configure output plugins
#output-mode msg \
# "binary" to get them in a unified binary output
# output-mode msg \
# Step #3: Configure output plugins
# Uncomment and configure the output plugins you decide to use. General
# configuration for output plugins is of the form:
# output <name_of_plugin>: <configuration_options>
# output alert_syslog: LOG_AUTH LOG_ALERT
# output alert_syslog: LOG_AUTH LOG_ALERT
# output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
# output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
#output log_null
# The only argument is the output file name.
# output log_tcpdump: tcpdump.log
# output database: log, mysql, user=root password=test dbname=db host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
#output database: log, mysql, user=yyyy dbname=snort password=xxxxxx host=snorthost sensor_name=ids01
output database: log, mysql, user=yyyyy dbname=snort password=xxxxxx host=snorthost sensor_name=ids01
output database: log, mysql, user=yyyyy dbname=snort_archive password=xxxxxx host=snorthost sensor_name=ids01
# The unified output plugin provides two new formats for logging and generating
# output alert_unified: filename snort.alert, limit 128
# output log_unified: filename snort.log, limit 128
# You can optionally define new rule types and associate one or more output
# output log_tcpdump: suspicious.log
# output alert_syslog: LOG_AUTH LOG_ALERT
# output database: log, mysql, user=snort dbname=snort host=localhost