Snort mailing list archives

Re: snort don't log to mysql server


From: carlopmart <carlopmart () gmail com>
Date: Mon, 04 Sep 2006 17:02:11 +0200

My responses ...

info+lucretia.ca wrote:
Details....

What version of mysql?
MySQL 4.1.20 under CentOS 4.4

What is the output configurations?

output database: log, mysql, user=idsuser password=IDSuser dbname=snortdb host=srvmgmt sensor_name=CorpIPS

Can you actually login to the snort db properly?
Yes without problems.

You tell us a problem with mysql logging, but then you state to use a test
rule to log to /var/log/snort not to a database?  Which is it?

My test rule:
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; dsize:8; itype:8; sid:10000001;)

Events are logged under /var/log/snort/ ... but not in mysql ...



Good luck,

James Friesen, CIO
Lucretia Enterprises

-----Original Message-----
From: snort-users-bounces () lists sourceforge net
[mailto:snort-users-bounces () lists sourceforge net] On Behalf
Of carlopmart
Sent: Monday, September 04, 2006 6:32 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort don't log to mysql server

Hi all,

  I am testing snort 2.6 with aanval console. I have setup
snort with inline and mysql under CentOS 4.4 using src.rpm
package from snort's website.

  I have configured output log to mysql server. Sensor is
registered but any event is inserted under mysql (I am using
a test rule that generates a lot of outputs to
/var/log/snort). Snort user has the right options.

Any ideas??



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
CL Martinez
carlopmart {at} gmail {d0t} com


