Snort mailing list archives
Re: Sylog-ng _and_ Mysql with Snort 2.0.0
From: Thomas Bechtold <thomas () jpberlin de>
Date: Thu, 19 Jun 2003 15:44:54 +0200
I have now tested Snort with the following command-line options:

snort -i eth0 -U -o -c /etc/snort/conf/snort.eth0.conf -D

In my snort.eth0.conf file is the following line:

output alert_syslog: LOG_AUTH LOG_ALERT

I commented out the line with mysql, so now I only want to log to syslog-ng. I think the problem is syslog, because mysql without syslog works. Mysql _and_ syslog, or only syslog, doesn't work. Syslog-ng is up and running, but it doesn't log.

Here is my syslog-ng config file:

<--------------------------------
source src { internal(); unix-dgram("/dev/log"); }
//For testing log to localhost, later to remote Machine
destination localhost { file("/var/log/snortlog.all"); };
//Logging
log { source(src); destination(localhost); };
------------------------------->

Does anyone have answers to my question of why syslog doesn't work?

Thomas Bechtold
On Thu, 19 Jun 2003, Thomas Bechtold wrote:

I start Snort in Chroot-jail and with the Parameter '-s' for Syslog. In my snort.eth0.conf are the following lines:

output database: alert, mysql, user=xxx password=xxx dbname=snort_log
output alert_syslog: LOG_AUTH LOG_ALERT

Maybe -s on the commandline overrides all other output options declared in snort.conf. Remove -s from commandline and keep the two output-lines in snort.conf. Does it work? (I don't know, I'm guessing)

/Martin
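A check for the logging path discussed in this thread, added here as an example and not code from either poster or from Snort. A chrooted process resolves /dev/log inside its jail, so the script reports whether that path is a Unix socket as seen from the host and from a jail directory, then sends one datagram with the facility and priority named in the alert_syslog line. The jail path /var/chroot/snort, the tag snort-test and the function names are assumptions.

```python
import os
import socket
import stat

# syslog(3) numeric codes for "output alert_syslog: LOG_AUTH LOG_ALERT"
LOG_AUTH = 4    # facility
LOG_ALERT = 1   # severity


def pri(facility, severity):
    """PRI value a syslog client puts in <...> at the start of each datagram."""
    return facility * 8 + severity


def check_log_socket(path="/dev/log", chroot_dir=""):
    """Report whether `path` is a Unix socket as seen from inside chroot_dir."""
    full = os.path.join(chroot_dir, path.lstrip("/")) if chroot_dir else path
    try:
        mode = os.stat(full).st_mode
    except FileNotFoundError:
        return full, "missing"
    return full, "socket" if stat.S_ISSOCK(mode) else "not-a-socket"


def send_test_alert(path="/dev/log", tag="snort-test", text="syslog path check"):
    """Send one auth.alert datagram the way a local syslog client would."""
    msg = "<%d>%s: %s" % (pri(LOG_AUTH, LOG_ALERT), tag, text)
    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        s.sendto(msg.encode(), path)
    finally:
        s.close()
    return msg


if __name__ == "__main__":
    # /var/chroot/snort is a hypothetical jail directory; use the one Snort runs in.
    for jail in ("", "/var/chroot/snort"):
        print(check_log_socket(chroot_dir=jail))
    try:
        print("sent:", send_test_alert())
    except OSError as exc:
        print("could not send to /dev/log:", exc)
```

If the host check reports a socket and the test line shows up in /var/log/snortlog.all while the jail check reports "missing", syslog-ng is working and the chrooted Snort has no socket to write to.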
Current thread:
- Sylog-ng _and_ Mysql with Snort 2.0.0 Thomas Bechtold (Jun 19)
- Re: Sylog-ng _and_ Mysql with Snort 2.0.0 Erek Adams (Jun 19)
- <Possible follow-ups>
- Re: Sylog-ng _and_ Mysql with Snort 2.0.0 Thomas Bechtold (Jun 19)