Snort mailing list archives
RE: Snort 1.9, RH 7.3 and Acid
From: "Beckett, Josh" <JBeckett () enviance com>
Date: Mon, 7 Oct 2002 08:32:29 -0700
The -o switch is there, but just to clarify on the "output database:" line... The previous conf file for 1.8.7 had the settings "log, mysql, etc..." which is what I use for the conf file for 1.9.0. From the commented out examples in the conf file, it looks like postgre uses alert and mysql uses log...are you sure that changing from log to alert is correct for mysql?

J-

-----Original Message-----
From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov]
Sent: Monday, October 07, 2002 8:14 AM
To: Beckett, Josh; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 1.9, RH 7.3 and Acid

Did you check the snort.conf file to ensure that on the output line it is using "alert" instead of "log"? Also, you may have to start snort with the -o option to change the order for snort output.

-----Original Message-----
From: Beckett, Josh [mailto:JBeckett () enviance com]
Sent: Friday, October 04, 2002 2:14 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort 1.9, RH 7.3 and Acid

Ok...I was excited by the announcement of 1.9 and went and did a dumb thing...upgraded right on a production box.

I did my initial setup using the doc from the snort website "Snort Installation Manual: Snort, MySQL and ACID on RedHat 7.3" (great doc, btw).

Everything went fine relative to the upgrade, etc. Compiled fine, used the new conf file and "current" rules set. Snort seems to be running fine, but doesn't seem to want to log to ACID-MySQL. As a troubleshooting measure, I set "log to file" on as well as log to db, I can see alerts going into a file, but not the db.

I've even gone and blown away the db's and re-set them up, using the steps outlined in the paper. Still no joy. I've triple checked the snort.conf file for silly things, like bad rules path, bad db password and user name and everything seems to be fine...still no alerts in the db, but alerts pop up in the file.

I've even checked the configure.log to make sure that I compiled with the --with-mysql switch...good there.

Any other places to check, where I might be having a problem?

Thanks,
Josh

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 04)
- Re: Snort 1.9, RH 7.3 and Acid Addam Schroll (Oct 04)
- <Possible follow-ups>
- RE: Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 04)
- RE: Snort 1.9, RH 7.3 and Acid Slighter, Tim (Oct 07)
- RE: Snort 1.9, RH 7.3 and Acid Erek Adams (Oct 07)
- RE: Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 07)
- RE: Snort 1.9, RH 7.3 and Acid Kevin Brown (Oct 07)
- RE: Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 08)
- RE: Snort 1.9, RH 7.3 and Acid Erek Adams (Oct 08)