Snort mailing list archives
Yet another alert not being logged to mysql database[edited]
From: "Jacob, Raymond A Jr" <raymond.jacob () navy mil>
Date: Wed, 21 Apr 2004 17:49:20 -0400
Running snort 2.1.2 (Build 25) on OpenBSD with bridging (on sensor side) and packet filtering (management side).

Setup for testing: cross-connected cable, workstation running nmap, and snortbox. Doing SYN scans against one address. Snort works in packet sniffing mode.

Per http://www.andrew.cmu.edu/~rdanyliw/snort/snortdb/snortdb_faq.html#faq_b2 I changed (not real snort.conf, using config from above URL):

    output database: log, mysql, user=snort dbname=snort_db host=localhost password=foo

to:

    output database: alert, mysql, user=snort dbname=snort_db host=localhost password=foo

I tried adding the preprocessor for portscan:

    preprosessor portscan: 10.0.0.0/8 5 10 /var/log/portscan.log

Started nmap:

    ls /<datadir>/snort/*.MYD

Very small and times have not changed.

    mysql snortadmin(not real name) -p
    use snort
    select * from iphdr

Empty.

Logs to me look like everything loads. Any suggestions?