Snort mailing list archives
What causes snort rules to insert into mysql.
From: Richard Buskirk <rbuskirk () planettele com>
Date: Mon, 8 Jun 2009 16:32:11 -0400
If I have a rule that is like this. Alert tcp $HOME_NET any -> !HOME_NET 21 (msg:" TCP ftp-data File Transfer";sid:1010;) I just made up the sid. I am still not understanding how this works I guess. It logs this all day long in the /var/log/snort/alert file. Is there something special I have to do to it to make it log into the mysql database? Do I have to be careful on the sid numbers I assign to rules? mysqld (pid 3086) is running... I can login with the snort user mysql -u snorter -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 Server version: 5.0.45 Source distribution mysql> I have full access to the tables required. mysql> SELECT * FROM snort.detail; +-------------+-------------+ | detail_type | detail_text | +-------------+-------------+ | 0 | fast | | 1 | full | +-------------+-------------+ 2 rows in set (0.00 sec) mysql> mysql> INSERT INTO snort.data (sid,cid,data_payload) VALUES ('1','1','test'); Query OK, 1 row affected (0.00 sec) But none of the rules are inserting into mysql. Snort is configured -with-mysql. HELP lol.....
------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- What causes snort rules to insert into mysql. Richard Buskirk (Jun 08)
- Message not available
- Re: What causes snort rules to insert into mysql. John Gay (Jun 08)
- Re: What causes snort rules to insert into mysql. Richard Buskirk (Jun 08)
- Re: What causes snort rules to insert into mysql. Joel Esler (Jun 08)
- Re: What causes snort rules to insert into mysql. John Gay (Jun 08)
- Message not available