Snort mailing list archives
Re: (no subject)
From: "M. Shirk" <shirkdog_list () hotmail com>
Date: Mon, 01 Aug 2005 17:02:31 -0400
That was a fuxor of language :-)
> Is the output getting to the DB you defined??
What current analysis tool are you using? ACID/BASE/SnortSnarf (and others)You can just connect to the DB and run SQL queries to find the last entry in the DB.
Shirkdog http://www.shirkdog.us
From: Jason Benway <benwaynet () gmail com> Reply-To: Jason Benway <benwaynet () gmail com> To: "M. Shirk" <shirkdog_list () hotmail com> CC: snort-users () lists sourceforge net Subject: Re: [Snort-users] (no subject) Date: Mon, 1 Aug 2005 15:23:53 -0400 That is the only output command I have in my config. What do you mean by "Is the output getting the DB you defined??" I have old data in the database from before I upgraded. Is there an easy way I could dump all the data from the database so I can see if any new data is being written to the database? I'm running snort from the snortd deamon. so I'm not sure what commands are being passed. jb On 8/1/05, M. Shirk <shirkdog_list () hotmail com> wrote: > Do you have any other output plugins specified? > > Is the output getting the DB you defined?? > > (one more for question) > What command lines arg's are you passing to snort? > > Shirkdog > http://www.shirkdog.us > > > > >From: Jason Benway <benwaynet () gmail com> > >Reply-To: Jason Benway <benwaynet () gmail com> > >To: snort-users () lists sourceforge net > >Subject: [Snort-users] (no subject) > >Date: Mon, 1 Aug 2005 14:55:30 -0400 > > > >I've running snort 2.3.3. > > > >Since I starting using the snort.conf from version 2.3.3, It seems > >like snort is only writting to the log files. My configur looks like > >this: > > > >output database: log, mysql, user=snort password=********** > >dbname=snort host=localhost sensor_name=grand_haven > > > >my /var/log/snort/eth0 > >and > >/var/log/snort/eth1 > >are full of log files. > > > >thanks,jb > > > > > >------------------------------------------------------- > >SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > >from IBM. Find simple to follow Roadmaps, straightforward articles, > >informative Webcasts and more! Get everything you need to get up to > >speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click > >_______________________________________________ > >Snort-users mailing list > >Snort-users () lists sourceforge net > >Go to this URL to change user options or unsubscribe: > >https://lists.sourceforge.net/lists/listinfo/snort-users > >Snort-users list archive: > >http://www.geocrawler.com/redir-sf.php3?list=snort-users > > _________________________________________________________________> On the road to retirement? Check out MSN Life Events for advice on how to> get there! http://lifeevents.msn.com/category.aspx?cid=Retirement > > > > ------------------------------------------------------- > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > from IBM. Find simple to follow Roadmaps, straightforward articles, > informative Webcasts and more! Get everything you need to get up to > speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > _______________________________________________ > Snort-users mailing list > Snort-users () lists sourceforge net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/listinfo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.php3?list=snort-users >
_________________________________________________________________Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (no subject) Angelita de Cássia Corrêa (Jul 17)
- <Possible follow-ups>
- (no subject) Jason Benway (Aug 01)
- Re: not logging to database Jason Benway (Aug 01)
- Re: (no subject) Xavier Cabrera (Aug 01)
- RE: (no subject) M. Shirk (Aug 01)
- Re: (no subject) Jason Benway (Aug 01)
- Re: (no subject) M. Shirk (Aug 01)
- Snort rules for Jolt tommy garsia (Aug 02)
- RE: (no subject) Jeff Dell (Aug 01)
- Re: (no subject) Jason Benway (Aug 01)
- Re: (no subject) Jason Brvenik (Aug 01)
- Re: (no subject) Jason Benway (Aug 01)
- Re: (no subject) Jason Brvenik (Aug 01)
- Re: (no subject) Jason Benway (Aug 01)
- RE: (no subject) Paul Melson (Sep 02)