Snort mailing list archives

What causes snort rules to insert into mysql.


From: Richard Buskirk <rbuskirk () planettele com>
Date: Mon, 8 Jun 2009 16:32:11 -0400

If I have a rule that is like this.

alert tcp $HOME_NET any -> !$HOME_NET 21 (msg:" TCP ftp-data File Transfer"; sid:1010;)

I just made up the sid. I am still not understanding how this works I guess. It logs this all day long in the /var/log/snort/alert file.
Is there something special I have to do to it to make it log into the mysql database?
Do I have to be careful on the sid numbers I assign to rules?


mysqld (pid 3086) is running...

I can log in with the snort user
mysql -u snorter -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.0.45 Source distribution
mysql>

I have full access to the tables required.
mysql> SELECT * FROM snort.detail;
+-------------+-------------+
| detail_type | detail_text |
+-------------+-------------+
|           0 | fast        |
|           1 | full        |
+-------------+-------------+
2 rows in set (0.00 sec)
mysql>


mysql> INSERT INTO snort.data (sid,cid,data_payload) VALUES ('1','1','test');
Query OK, 1 row affected (0.00 sec)

But none of the rules are inserting into mysql.

Snort is configured -with-mysql.

HELP lol.....