Snort mailing list archives
RE: snort (with mysql) write only in message.log
From: "Joshua Berry" <jberry () PENSON COM>
Date: Thu, 22 Jul 2004 13:12:08 -0500
What parameters are you passing snort from the command line? What does the rest of the config look like?

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Stefan Sabolowitsch
Sent: Thursday, July 22, 2004 12:23 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort (with mysql) write only in message.log

Hi list / ng

I have a server WBEL (RHEL) here with snort-mysql. Snort starts without problems. Yet nothing is written in mysql. Snort writes only to message.log.
What am I doing wrong? Does anyone have an idea?
Thanks for any help
Stefan

Infos:

message.log (alarms)
Jul 22 18:27:03 hydra-1 snort: [1:1411:5] SNMP public access udp [Classification: Attempted Information Leak] [Priority: 2]: {UDP} 192.168.1.51:1609 -> 192.168.1.249:161
Jul 22 18:27:03 hydra-1 snort: [1:1417:4] SNMP request udp [Classification: Attempted Information Leak] [Priority: 2]: {UDP} 192.168.1.51:1609 -> 192.168.1.249:161
Jul 22 18:27:03 hydra-1 snort: [1:1411:5] SNMP public access udp [Classification: Attempted Information Leak] [Priority: 2]: {UDP} 192.168.1.51:1610 -> 192.168.1.249:161
Jul 22 18:27:03 hydra-1 snort: [1:1417:4] SNMP request udp [Classification: Attempted Information Leak] [Priority: 2]: {UDP} 192.168.1.51:1610 -> 192.168.1.249:161

Snort.cfg
output database: log, mysql, user=snorty password=snorty dbname=snorty host=localhost

message.log (start snort)
Jul 22 18:22:59 hydra-1 kernel: eth0: Setting promiscuous mode.
Jul 22 18:22:59 hydra-1 kernel: device eth0 entered promiscuous mode
Jul 22 18:22:59 hydra-1 snort: Initializing daemon mode
Jul 22 18:22:59 hydra-1 snort: PID path stat checked out ok, PID path set to /var/run/
Jul 22 18:22:59 hydra-1 snort: Writing PID "8105" to file "/var/run//snort_eth0.pid"
Jul 22 18:22:59 hydra-1 snort: ,-----------[Flow Config]----------------------
Jul 22 18:22:59 hydra-1 snort: | Stats Interval: 0
Jul 22 18:22:59 hydra-1 snort: | Hash Method: 2
Jul 22 18:22:59 hydra-1 snort: | Memcap: 10485760
Jul 22 18:22:59 hydra-1 snort: | Rows : 4099
Jul 22 18:22:59 hydra-1 snort: | Overhead Bytes: 16400(%0.16)
Jul 22 18:22:59 hydra-1 snort: `----------------------------------------------
Jul 22 18:22:59 hydra-1 snort: HttpInspect Config:
Jul 22 18:22:59 hydra-1 snort: GLOBAL CONFIG
Jul 22 18:22:59 hydra-1 snortd: Starten von snort succeeded
Jul 22 18:22:59 hydra-1 snort: Max Pipeline Requests: 0
Jul 22 18:22:59 hydra-1 snort: Inspection Type: STATELESS
Jul 22 18:22:59 hydra-1 snort: Detect Proxy Usage: NO
Jul 22 18:22:59 hydra-1 snort: IIS Unicode Map Filename: /etc/snort/unicode.map
Jul 22 18:22:59 hydra-1 snort: IIS Unicode Map Codepage: 1252
Jul 22 18:22:59 hydra-1 snort: DEFAULT SERVER CONFIG:
Jul 22 18:22:59 hydra-1 snort: Ports:
Jul 22 18:22:59 hydra-1 snort: 80
Jul 22 18:22:59 hydra-1 snort: 8080
Jul 22 18:22:59 hydra-1 snort: 8180
Jul 22 18:22:59 hydra-1 snort:
Jul 22 18:22:59 hydra-1 snort: Flow Depth: 300
Jul 22 18:22:59 hydra-1 snort: Max Chunk Length: 500000
Jul 22 18:22:59 hydra-1 snort: Inspect Pipeline Requests: YES
Jul 22 18:22:59 hydra-1 snort: URI Discovery Strict Mode: NO
Jul 22 18:22:59 hydra-1 snort: Allow Proxy Usage: NO
Jul 22 18:22:59 hydra-1 snort: Disable Alerting: NO
Jul 22 18:22:59 hydra-1 snort: Oversize Dir Length: 500
Jul 22 18:22:59 hydra-1 snort: Only inspect URI: NO
Jul 22 18:22:59 hydra-1 snort: Ascii: YES alert: NO
Jul 22 18:22:59 hydra-1 snort: Double Decoding: YES alert: YES
Jul 22 18:22:59 hydra-1 snort: %U Encoding: YES alert: YES
Jul 22 18:22:59 hydra-1 snort: Bare Byte: YES alert: YES
Jul 22 18:22:59 hydra-1 snort: Base36: OFF
Jul 22 18:22:59 hydra-1 snort: UTF 8: OFF
Jul 22 18:22:59 hydra-1 snort: IIS Unicode: YES alert: YES
Jul 22 18:22:59 hydra-1 snort: Multiple Slash: YES alert: NO
Jul 22 18:22:59 hydra-1 snort: IIS Backslash: YES alert: NO
Jul 22 18:22:59 hydra-1 snort: Directory: YES alert: NO
Jul 22 18:22:59 hydra-1 snort: Apache WhiteSpace: YES alert: YES
Jul 22 18:22:59 hydra-1 snort: IIS Delimiter: YES alert: YES
Jul 22 18:22:59 hydra-1 snort: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Jul 22 18:22:59 hydra-1 snort: Non-RFC Compliant Characters:
Jul 22 18:22:59 hydra-1 snort: NONE
Jul 22 18:22:59 hydra-1 snort:
Jul 22 18:22:59 hydra-1 snort: rpc_decode arguments:
Jul 22 18:22:59 hydra-1 snort: Ports to decode RPC on: 111 32771
Jul 22 18:22:59 hydra-1 snort: alert_fragments: INACTIVE
Jul 22 18:22:59 hydra-1 snort: alert_large_fragments: ACTIVE
Jul 22 18:22:59 hydra-1 snort: alert_incomplete: ACTIVE
Jul 22 18:22:59 hydra-1 snort: alert_multiple_requests: ACTIVE
Jul 22 18:22:59 hydra-1 snort: telnet_decode arguments:
Jul 22 18:22:59 hydra-1 snort: Ports to decode telnet on: 21 23 25 119
Jul 22 18:22:59 hydra-1 snort: command line overrides rules file alert plugin!
Jul 22 18:23:00 hydra-1 snort: Snort initialization completed successfully

-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort (with mysql) write only in message.log Stefan Sabolowitsch (Jul 22)
- Re: snort (with mysql) write only in message.log Dirk Geschke (Jul 22)
- <Possible follow-ups>
- RE: snort (with mysql) write only in message.log Joshua Berry (Jul 22)
- Re: snort (with mysql) write only in message.log amanda smooth (Jul 22)