Snort mailing list archives
FW: Not logging to MYSQL
From: Jeremy Campbell <jrcampbell () southbank com>
Date: Mon, 28 Apr 2003 16:09:25 -0500
Found the problem, Works fine when I leave out the "-A fast" in the command line...

-----Original Message-----
From: Jeremy Campbell
Sent: Monday, April 28, 2003 2:25 PM
To: 'snort-users () lists sourceforge net'
Subject: Not logging to MYSQL

I'm having trouble getting Snort to log to MySQL. I don't seem to be getting any errors indicating why.

I'm running FreeBSD, installed Snort out of the ports WITH_MYSQL=yes so the mysql client is installed. MySQL client works because I can type 'mysql -h database blah blah'

/usr/local/share/snort/snort.conf | grep output
output database: log, mysql, user=******** password=******** dbname=snort host=*.*.*.* detail=full

Starting Snort with:
/usr/local/bin/snort -A fast -l /usr/local/var/log/snort-ext -c /usr/local/share/snort/snort.conf -i xl0 -D

Getting in /var/log/messages when I start snort:
Apr 28 14:08:11 sb_fw /kernel: xl0: promiscuous mode enabled
Apr 28 14:08:11 sb_fw snort: Initializing daemon mode
Apr 28 14:08:11 sb_fw snort: PID path stat checked out ok, PID path set to /var/run/
Apr 28 14:08:11 sb_fw snort: Writing PID "72238" to file "/var/run//snort_xl0.pid"
Apr 28 14:08:11 sb_fw snort: http_decode arguments:
Apr 28 14:08:11 sb_fw snort: Unicode decoding
Apr 28 14:08:11 sb_fw snort: IIS alternate Unicode decoding
Apr 28 14:08:11 sb_fw snort: IIS double encoding vuln
Apr 28 14:08:11 sb_fw snort: Flip backslash to slash
Apr 28 14:08:11 sb_fw snort: Include additional whitespace separators
Apr 28 14:08:11 sb_fw snort: Ports to decode http on: 80
Apr 28 14:08:11 sb_fw snort: rpc_decode arguments:
Apr 28 14:08:11 sb_fw snort: Ports to decode RPC on: 111 32771
Apr 28 14:08:11 sb_fw snort: alert_fragments: INACTIVE
Apr 28 14:08:11 sb_fw snort: alert_large_fragments: ACTIVE
Apr 28 14:08:11 sb_fw snort: telnet_decode arguments:
Apr 28 14:08:11 sb_fw snort: Ports to decode telnet on: 21 23 25 119
Apr 28 14:08:11 sb_fw snort: command line overrides rules file alert plugin!

Using tcpdump, I don't see any traffic to or from the SNORT box on the MYSQL box, it's just not even trying to send anything out...

Snort does log to /usr/local/var/log/snort-ext/alert

Thanks,
Jeremy...
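
Added example, not part of the original message and not Snort project code: a preflight check for the conflict the message describes, where "-A fast" on the command line coincided with the syslog line "command line overrides rules file alert plugin!" and nothing reached the database. The function name check_snort_outputs is hypothetical, and the script assumes only -A needs checking because that is the only override the message shows; the sample input is constructed from the directive and command line quoted in the message.

```shell
#!/bin/sh
# Added example: warn when a snort command line carries -A while snort.conf
# has "output" directives. Assumption: only -A is checked, since that is the
# only override the message demonstrates.

# check_snort_outputs CONF [snort args...]
# Returns 0 if no conflict, 1 if -A is present and CONF has active output
# directives (printed, with passwords masked), 2 if CONF cannot be read.
check_snort_outputs() {
    [ $# -gt 0 ] && [ -r "$1" ] || { echo "cannot read snort.conf" >&2; return 2; }
    conf=$1
    shift
    alert_mode=
    while [ $# -gt 0 ]; do
        case $1 in
            -A)   alert_mode=${2:-}; [ $# -gt 1 ] && shift ;;
            -A?*) alert_mode=${1#-A} ;;
        esac
        shift
    done
    [ -n "$alert_mode" ] || return 0
    # Active (uncommented) directives such as "output database: ..."
    outputs=$(grep -E '^[[:space:]]*output[[:space:]]' "$conf") || return 0
    printf '%s\n' "-A $alert_mode given; these snort.conf outputs may be overridden:"
    echo "$outputs" | sed 's/password=[^ ]*/password=<masked>/'
    return 1
}

if [ $# -gt 0 ]; then
    check_snort_outputs "$@"
else
    # Constructed sample: the directive and command line quoted in the message.
    sample=$(mktemp)
    echo 'output database: log, mysql, user=******** password=******** dbname=snort host=*.*.*.* detail=full' > "$sample"
    check_snort_outputs "$sample" -A fast -l /usr/local/var/log/snort-ext \
        -c "$sample" -i xl0 -D || echo "check returned $?"
    rm -f "$sample"
fi
```

Run it as a start-script guard with the configuration path first and the intended snort arguments after it; a return status of 1 means the database output should be confirmed before relying on it.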
Current thread:
- FW: Not logging to MYSQL Jeremy Campbell (Apr 29)
- <Possible follow-ups>
- Not logging to MYSQL Jeremy Campbell (Apr 29)
- Re: Not logging to MYSQL Erick Mechler (Apr 29)