Honeypots mailing list archives
Logging to MySQL from the Honeywall CD
From: Christian Larsen <christian () kladd net>
Date: Wed, 02 Mar 2005 12:30:13 +0100
Hello. I¹m trying to get Snort on my honeywall to log against an external mySQL-database. I¹ve added this line to /etc/snort/snort.conf: output database: log, mysql, user=snort_user password=******* dbname=snort_db host=******* I¹ve set up the mysql-server (and know it¹s working, since I¹m already running another snort-process from a different IDS-sensor against it), and the honeywall-logs tell me that the Snort/MySQL-handshake is completed after Snort is restarted. My question is then: Why isn¹t Snort sending data to the database? Snort is running and generating regular logs in /var/log/snort/xxx/, but nothing is sent to the external database. Port 3306 is open, but there is no traffic going out of the honeywall-GW on it. Thank you. Kind regards Christian
Current thread:
- GenII Honeynet with NAT Martin Kristensen (Mar 01)
- RE: GenII Honeynet with NAT Andre Derek Protas (Mar 02)
- <Possible follow-ups>
- RE: GenII Honeynet with NAT Stejerean, Cosmin (Mar 02)
- Logging to MySQL from the Honeywall CD Christian Larsen (Mar 02)
- Re: Logging to MySQL from the Honeywall CD Patrick McCarty (Mar 02)
- Logging to MySQL from the Honeywall CD Christian Larsen (Mar 02)