Snort mailing list archives
RE: sql and acid
From: "Hutchinson, Andrew" <Andrew.Hutchinson () Vanderbilt edu>
Date: Tue, 11 Feb 2003 12:56:36 -0600
1.> Your command line output option (-A fast) overrides your output line in your snort.conf file. As such, I must ask question #2 ... 2.> What does your snort.conf output line look like? You'll never log to the database if you haven't set up the snort.conf file correctly. Andrew Hutchinson Vanderbilt University Medical Center Informatics / NCS / Network Security (615) 936-2856 -----Original Message----- From: tanis () knology net [mailto:tanis () knology net] Sent: Tuesday, February 11, 2003 12:27 PM To: snort-users () lists sourceforge net Subject: [Snort-users] sql and acid ok let me try to explain this so I can get some kind of sleep. I set up snort on my Redhat 8.0 box. I installed MySql and ACID. Now I have a database that says snort. I am using Webmin to look at my snort DBase. Now I open all the tables and there is no data. I used the script it calls for in the pdf at snort.org for sql and Acid for 7.3. I have followed the directions to the T. Nothing. my user for the DBase is root. Not smart I know but I want to keep it simple till I no for sure I can run this right. ok so here is my snortd script. # INTERFACE=eth1 # See how we were called. # case "$1" in # start) # echo -n "Starting snort: " # cd /var/log/snort # daemon /usr/sbin/snort -A fast -b -l /var/log/snort -d -D \ # -i $INTERFACE -c /etc/snort/snort.conf # touch /var/lock/subsys/snort # echo this is not commented out in the script. it is just for this email. can someone send me a copy of there snortd script that is working with Mysql? because if snort is not populating the tables I can not get any data from ACID. Is this right? Tanis ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- sql and acid tanis () knology net (Feb 11)
- <Possible follow-ups>
- RE: sql and acid Hutchinson, Andrew (Feb 11)