This is a discussion on RE: [Snort-users] Snort-MySQL problem within the Snort forums, part of the System Security and Security Related category.

It works!!! Thanks Martin.

Another question from me: my Snort runs automatically, but why doesn't it read the snort.conf file? I must always run the command:

[root@medinetserver bin]# snort -c /etc/snort/snort.conf -i eth0

after my PC is rebooted. Any idea?

Quoting CMartin@infosol.com:

> It would appear that you are running snort in Test mode. I noticed you used
> the -T option in the command line. This tells snort to test the config file
> and then exit. So just remove the -T and you will be all set.
>
>
> Chris
>
> -----Original Message-----
> From: Syed Zuhdi Syed Salim [mailto:syzuhdi@penawargroup.com]
> Sent: Tuesday, September 30, 2003 7:31 PM
> To: snort-users@lists.sourceforge.net
> Subject: [Snort-users] Snort-MySQL problem
>
> Hi,
>
> Snort doesn't log into the MySQL database. How to solve this problem???
> This is the output when I run the command:
>
> [root@medinetserver bin]# snort -c /etc/snort/snort.conf -i eth0 -T
> Running in IDS mode
> Log directory = /var/log/snort
>
> Initializing Network Interface eth0
>
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file /etc/snort/snort.conf
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> No arguments to frag2 directive, setting defaults to:
> Fragment timeout: 60 seconds
> Fragment memory cap: 4194304 bytes
> Fragment min_ttl: 0
> Fragment ttl_limit: 5
> Fragment Problems: 0
> Self preservation threshold: 500
> Self preservation period: 90
> Suspend threshold: 1000
> Suspend period: 30
> Stream4 config:
> Stateful inspection: ACTIVE
> Session statistics: INACTIVE
> Session timeout: 30 seconds
> Session memory cap: 8388608 bytes
> State alerts: INACTIVE
> Evasion alerts: INACTIVE
> Scan alerts: ACTIVE
> Log Flushed Streams: INACTIVE
> MinTTL: 1
> TTL Limit: 5
> Async Link: 0
> State Protection: 0
> Self preservation threshold: 50
> Self preservation period: 90
> Suspend threshold: 200
> Suspend period: 30
> Stream4_reassemble config:
> Server reassembly: INACTIVE
> Client reassembly: ACTIVE
> Reassembler alerts: ACTIVE
> Ports: 21 23 25 53 80 110 111 143 513 1433
> Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
> http_decode arguments:
> Unicode decoding
> IIS alternate Unicode decoding
> IIS double encoding vuln
> Flip backslash to slash
> Include additional whitespace separators
> Ports to decode http on: 80
> rpc_decode arguments:
> Ports to decode RPC on: 111 32771
> alert_fragments: INACTIVE
> alert_large_fragments: ACTIVE
> alert_incomplete: ACTIVE
> alert_multiple_requests: ACTIVE
> telnet_decode arguments:
> Ports to decode telnet on: 21 23 25 119
> database: compiled support for ( mysql )
> database: configured to use mysql
> database: user = snort
> database: password is set
> database: database name = snort
> database: host = localhost
> database: sensor name = 192.168.0.3
> database: sensor id = 1
> database: schema version = 106
> database: using the "log" facility
> 1454 Snort rules read...
> 1454 Option Chains linked into 146 Chain Headers
> 0 Dynamic rules
> +++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Rule application order: ->activation->dynamic->alert->pass->log
>
> --== Initialization Complete ==--
>
> -*> Snort! <*-
> Version 2.0.1 (Build 88)
> By Martin Roesch (roesch@sourcefire.com, www.snort.org)
>
> Snort sucessfully loaded all rules and checked all rule chains!
> database: Closing connection to database "snort"
> Snort exiting
> [root@medinetserver bin]#
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...st=snort-users
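
Added example, not part of the thread and not Snort's own code: a start wrapper that uses `-T` only as a preflight check, confirms the `database: configured to use mysql` line seen in the output above, and then starts Snort with the same `-c` and `-i` arguments plus `-D` (daemon mode). The variable names, the function names and the assumption that `-T` exits non-zero on a rejected config are this example's own; how the script is hooked into boot depends on the distribution.

```shell
#!/bin/sh
# Added example: preflight with -T, then start Snort for real without -T.
# SNORT_BIN, SNORT_CONF, SNORT_IF and SNORT_DB are assumed names; the
# default path and interface mirror the command line quoted in the thread.
SNORT_BIN="${SNORT_BIN:-snort}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
SNORT_IF="${SNORT_IF:-eth0}"
SNORT_DB="${SNORT_DB:-mysql}"

# -T makes Snort parse the config, check the rule chains and exit.
# Returns 1 if the test run fails (assumed non-zero exit on a bad config),
# 2 if the database output plugin line is missing from the test output.
snort_preflight() {
    out=$("$SNORT_BIN" -T -c "$SNORT_CONF" -i "$SNORT_IF" 2>&1) || return 1
    printf '%s\n' "$out" |
        grep -qF "database: configured to use $SNORT_DB" || return 2
}

# Start only after a clean preflight. The real start must NOT carry -T,
# otherwise Snort exits right after the config check, as in the thread.
snort_start() {
    pre=0
    snort_preflight || pre=$?
    case "$pre" in
        0) ;;
        2) echo "snort: $SNORT_DB output plugin not loaded, not starting" >&2
           return 2 ;;
        *) echo "snort: config test failed for $SNORT_CONF, not starting" >&2
           return 1 ;;
    esac
    "$SNORT_BIN" -D -c "$SNORT_CONF" -i "$SNORT_IF"
}

# Run as "script start" from whatever boot mechanism the system uses.
if [ "${1:-}" = "start" ]; then
    snort_start
fi
```
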