Re: snort unable to log alert to database mysql

[Y M <snort () outlook com>]

If you want to check snort is capturing packets you can use the -A console switch when running snort; this way each 
alert triggered will be displayed on the console instead of being logged into a file.
So your command may look like
/usr/snort/bin/snort -c /usr/snort/etc/snort.conf -i ethX -A console

Where  X is the interface on your box, eth0, eth1, or whatever its called.

You can enable protocol-icmp rules and test with pings.

YM
________________________________
From: TermVRL M
Sent: 12/2/2012 6:47 PM
To: Y M
Subject: Re: [Snort-users] snort unable to log alert to database mysql

for your info,
i manage to use tcpdump, to check my network card can sniff LAN packets.
my eth1, which is sniff interface can "see" traffic from my LAN.
i assume that i configure the nic correctly.

i also check the location of the snort rules.
all configure correctly in my snort.conf.

let say, i use nmap, and try to generate some traffic, how i want to know
that snort manage to see the traffic?


On Sun, Dec 2, 2012 at 10:23 PM, Y M <snort () outlook com> wrote:

>  Based on your snort's version then I would suggest using barnyard2 as
> the snort't database plugin is not supported anymore.
>
> Is your snort installed correctly? That's a tricky question. Getting
> "Commencing packet processing" means snort is running fine but it doesn't
> mean you should stop there. You to configure your rules, make sure that
> snort is seeing traffic, and that you have got an output mechanism(s) you
> are comfortable with i.e.: database, unified2, syslog, etc, and the GUI you
> will use to start analyzing alerts.
>
> YM
>  ------------------------------
> From: TermVRL M
> Sent: 12/2/2012 5:08 PM
> To: Y M
> Subject: Re: [Snort-users] snort unable to log alert to database mysql
>
>
> i am using  snort version 2.9.3.
> one more question, if im able to get "Commencing packet processing"
> message. is it my installation correct?
>
> thanks.
>
> On Sun, Dec 2, 2012 at 9:57 PM, Y M <snort () outlook com> wrote:
>
>  Which version of snort are you using?
>
> At my best knowledge, snort's own database output plugin is deprecated
> since 2.9.3.x.
>
> In that case, you will have to use barnyard2 to get alerts into the
> database.
>
> YM
>  ------------------------------
> From: TermVRL M
> Sent: 12/2/2012 4:42 PM
> To: Snort User (snort-users () lists sourceforge net);
> snort-users-request () lists sourceforge net
> Subject: [Snort-users] snort unable to log alert to database mysql
>
>
> Hi all,
>
> i get this error when try to log snort output to database..
>
> ERROR: /usr/local/snort/etc/snort.conf(535) Unknown output plugin:
> "database"
------------------------------------------------------------------------------
Keep yourself connected to Go Parallel: 
DESIGN Expert tips on starting your parallel project right.
http://goparallel.sourceforge.net/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!