Snort mailing list archives
Re: loggin issue
From: roman () danyliw com
Date: Thu, 10 May 2001 21:15:11 US/Eastern
Well, -N disables the log facility and only enables the alert facility. However, from your previous email, it would appear that you have set the database plug-in to only read the log facility. Either remove the -N or reconfigure the DB plugin to use alert output database: log, postgresql, user=root ... ^^^ |========= with -N this needs to be alert cheers, Roman
nope no loggin and no -A I use this /usr/local/bin/snort -c /var/snort/snort.conf -N L8rZ, )\_/( < o,0 > ~ \ / KoAps ----- Original Message ----- From: <roman () danyliw com> To: "Koaps" <koaps () 2nutz com> Cc: <snort-users () lists sourceforge net> Sent: Thursday, May 10, 2001 8:35 AM Subject: Re: [Snort-users] loggin issue Is it logging anywhere else (e.g. to a file)? What does you command line look like? Does it have a "-A", if so remove it. RomanI don't get it.... I have Snort 1.7 on OpenBSd it's telling me it's seeing Packets, it's sending alerts, but I see nodatain mysql....=============================================================================== Snort received 5065 packets and dropped 0(0.000%) packets Breakdown by protocol: Action Stats: TCP: 5048 (99.664%) ALERTS: 7 UDP: 0 (0.000%) LOGGED: 7 ICMP: 12 (0.237%) PASSED: 0 ARP: 0 (0.000%) IPv6: 0 (0.000%) IPX: 0 (0.000%) OTHER: 0 (0.000%) DISCARD: 0 (0.000%) ======================================= connect info Initializing rule chains... database: compiled support for ( mysql ) database: configured to use mysql database: user = ids database: password is set database: database name = snortdb database: host = 192.168.69.5 database: sensor name = 192.168.69.12 database: sensor id = 2 database: using the "log" facility 796 Snort rules read... 796 Option Chains linked into 114 Chain Headers 0 Dynamic rules +++++++++++++++++++++++++++++++++++++++++++++++++++ I am using ACID to look at the SnortDB I can see it's registered in the database as a sensor... I just see no data from it L8rZ, )\_/( < o,0 > ~ \ / KoAps _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- loggin issue Koaps (May 10)
- <Possible follow-ups>
- Re: loggin issue roman (May 10)
- Re: loggin issue roman (May 10)