Snort mailing list archives
Re: snort ?> mysql
From: "Roger Brown" <roger.brown () intervoice com>
Date: Mon, 25 Aug 2003 14:03:56 -0500
I'm connecting to a remote; thanks for the -T switch; here's what I came up with. It looks like I have a problem with the mysql build - I tried the ./configure and didn't get any errors but I still get the message below:

    telnet_decode arguments:
        Ports to decode telnet on: 21 23 25 119
    database: compiled support for ( )
    database: configured to use mysql
    database: 'mysql' support is not compiled into this build of snort

    ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm, or Windows), then check for alternate builds that contains the necessary 'mysql' support.
    If this build of snort was compiled by you, then re-run the the ./configure script using the '--with-mysql' switch. For non-standard installations of a database, the '--with-mysql=DIR' syntax may need to be used to specify the base directory of the DB install.
    See the database documentation for cursory details (doc/README.database). and the URL to the most recent database plugin documentation.
    Fatal Error, Quitting..

Edin Dizdarevic <edin.dizdarevic () interActive-Systems de> 08/21/03 10:40AM >>>
Hi,

Are you connecting to localhost or the remote one? If it is a remote host you can try "netstat -nap" to see if Snort is connecting. You should see something like this:

    tcp 0 0 172.16.0.1:38641 172.16.0.254:3306 ESTABLISHED -

Run Snort with the "-T" switch:

    snort -c /etc/snort.conf -i eth0 -T

and post the results here...

Regards,
Edin

Roger Brown wrote:
Nothing in the logs that stands out to me - since snort is starting up ok I'm not sure what to be looking for.

Ralf Spenneberg <lists () spenneberg org> 08/15/03 01:00AM >>>

On Fri, 2003-08-15 at 01:08, Roger Brown wrote:

From the snort box I did a

    > mysql -u snort -p --host=10.10.10.10

and it connected ok

From the mysql database server I did a

    $ echo "SELECT count(*) FROM event" | snort -u root -p

and got a count (*) of 0

Below is an insert of my snort.conf file

    output database: log, mysql, user=snort password=mypass dbname=snort host=10.10.10.10

Any hint in the snort logs when starting up?

Cheers,
Ralf
-- Edin Dizdarevic
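
Added example, not part of the original thread or of Snort itself: a small shell check that reads `snort -T` output and reports whether the database type on the "configured to use" line appears in the "compiled support for ( ... )" list, which is the mismatch shown in the output above. The function and sample names are hypothetical; the first sample is constructed from the lines posted above, and the second is a constructed assumption of what a build configured with `--with-mysql` prints.

```shell
#!/bin/sh
# Added example. Reads `snort -T` output on stdin and compares the
# "configured to use" database type with the "compiled support for ( ... )" list.
# Exit status: 0 = type compiled in, 1 = not compiled in, 2 = lines not found.
check_db_support() {
    awk '
        /database: compiled support for \(/ {
            s = $0
            sub(/.*compiled support for \(/, "", s)   # drop text up to the bracket
            sub(/\).*/, "", s)                        # drop closing bracket and rest
            n = split(s, compiled, " ")               # empty list gives n = 0
            seen = 1
        }
        /database: configured to use / {
            t = $0
            sub(/.*configured to use /, "", t)
            split(t, w, " ")
            want = w[1]
        }
        END {
            if (!seen || want == "") exit 2
            for (i = 1; i <= n; i++) if (compiled[i] == want) exit 0
            exit 1
        }'
}

# Constructed sample: the database lines from the output posted in this thread.
sample_failing() {
cat <<'EOF'
database: compiled support for ( )
database: configured to use mysql
database: 'mysql' support is not compiled into this build of snort
EOF
}

# Constructed sample (assumption): output of a build made with --with-mysql.
sample_ok() {
cat <<'EOF'
database: compiled support for ( mysql )
database: configured to use mysql
EOF
}

# Demo on the samples. On a sensor, pipe the real output in instead:
#   snort -c /etc/snort.conf -i eth0 -T 2>&1 | check_db_support
for s in sample_failing sample_ok; do
    if $s | check_db_support; then echo "$s: database output usable"
    else echo "$s: rc=$? (1 = type not compiled in, 2 = lines not found)"; fi
done
```

Running this check after each rebuild or package upgrade catches a sensor whose database output plugin would otherwise fail at startup and leave alerts unlogged.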