Snort mailing list archives
RE: Snort Logging on Linux but NOT to MYSQL on windows
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Thu, 13 Feb 2003 13:45:04 -0500
Did you just restart this MySQL instance? From the status information you sent (e.g., Uptime), it appears that this MySQL instance was just started.

What we need to see is the MySQL status information *after* Snort has been running a while, and actively logging alerts to the /var/log/snort/alerts file. Since you are using both the alert and log facilities in Snort, every alert generated to the /var/log/snort/alert file should also generate an entry in the MySQL database. Let Snort run a day or so, then send us the MySQL status information.

Also, you should be able to connect locally to your MySQL server as 'root', use 'show full processlist\G' command, and see an active connection for your Snort sensor. My process list looks like:

*************************** 1. row ***************************
     Id: 64
   User: snort
   Host: winnt4sensor.mydomain.com
     db: snort
Command: Sleep
   Time: 7824
  State:
   Info: NULL
*************************** 2. row ***************************
     Id: 71
   User: snort
   Host: win2ksensor.mydomain.com
     db: snort
Command: Sleep
   Time: 163312
  State:
   Info: NULL

As you can see, my two Snort sensors are actively connected to the MySQL 'snort' database as the 'snort' user. You should see something similar.

I kinda wish you were "next door" so that I could get a hands on, but I don't suppose that you're in the northern Virginia, USA, area are you?

- Christopher

-----Original Message-----
From: mike Hughes [mailto:mikehughes013 () hotmail com]
Sent: Thursday, February 13, 2003 5:52 AM
To: bkarnold () cbu edu; CLuther () Xybernaut com; erek () snort org; snort-users () lists sourceforge net
Subject: RE: Snort Logging on Linux but NOT to MYSQL on windows

Hey, this is with my fresh INSTALL:

Here are the commands output: status and variables:

I know Snort started properly on LINUX cause I checked /var/log/messages, and it did connect to the Windows machine cause I checked netstat, and my firewall says it connected, established 192.168.0.1 to 192.168.0.69 port 3306.

Kerio says it received 3016 bytes of data from 192.168.0.1 but nothing more:

There are tables in the snort database:

Not sure why it's not logging

[snip... snip... snip...]

| Uptime | 170 |
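
Added example, not part of the original message or of Snort/MySQL: a small parser for the 'show full processlist\G' output shown above that reports which expected sensors have no open session on the 'snort' database. The function names and the list of expected hosts are assumptions; the sample text is the process list quoted in the message.

```python
import re

# Output of `show full processlist\G` as quoted in the message above.
SAMPLE = """\
*************************** 1. row ***************************
     Id: 64
   User: snort
   Host: winnt4sensor.mydomain.com
     db: snort
Command: Sleep
   Time: 7824
  State:
   Info: NULL
*************************** 2. row ***************************
     Id: 71
   User: snort
   Host: win2ksensor.mydomain.com
     db: snort
Command: Sleep
   Time: 163312
  State:
   Info: NULL
"""

ROW_HEADER = re.compile(r"^\*+ \d+\. row \*+$")

def parse_processlist(text):
    """Split vertical-format processlist output into one dict per row."""
    rows = []
    for line in text.splitlines():
        if ROW_HEADER.match(line.strip()):
            rows.append({})
        elif rows and ":" in line:
            key, _, value = line.partition(":")
            rows[-1][key.strip()] = value.strip()
    return rows

def missing_sensors(text, expected_hosts, user="snort", db="snort"):
    """Return expected sensor hosts with no session as `user` on `db`."""
    connected = set()
    for row in parse_processlist(text):
        if row.get("User") == user and row.get("db") == db:
            # MySQL may report Host as host:port; keep only the host part.
            connected.add(row.get("Host", "").split(":")[0].lower())
    return sorted(h for h in expected_hosts if h.lower() not in connected)
```

An empty result from missing_sensors() means every expected sensor holds a connection; a sensor that writes alerts to its local file but appears in the returned list is not reaching the database.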