Re: [Snort-users] snort IDS mode and mssql
This is a discussion on Re: [Snort-users] snort IDS mode and mssql within the Snort forums, part of the System Security and Security Related category; Hi Adam, Try adding a "-l ." switch at the command line. What alerting option=20 are you using? ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-03-2004
|
|||
|
|||
Re: [Snort-users] snort IDS mode and mssql
Hi Adam,
Try adding a "-l ." switch at the command line. What alerting option=20 are you using? You might want to try something like the syslog or "-A=20= none" switch if you aren't using the real-time alerting stuff. -Marty On Jul 30, 2004, at 10:54 AM, Adam Maxwell wrote: > Hi, I have just installed snort on a laptop running > =A0 > Windows 2003 Standard Server > SQL 2000 SP3a > Snort-2_2_0RC1 > =A0 > I have created a database called snort with a username "snort" and=20 > password "snort". I have created the database schema, and also created=20= > a ODBC link to the database. The snort user has db_owner rights to the=20= > database. > =A0 > When I use snort with the -c option i get an error saying can't write=20= > to log directory, can someone tell me the correct settings in my=20 > snort.conf file. This is what I have tried > =A0 > "output database: log, mssql, dbname=3Dsnort, user=3Dsnort, = host=3Dlocalhost=20 > password=3Dsnort" > =A0 > The error I get is. > =A0 > ERROR: Can not write access to logging directory "log". (directory=20 > doesn't exist or permissions are set incorrectly or it is not a=20 > directory at all) > =A0 > Fatal Error, Quitting > > > ************************************************** ******** > This e-mail, including attachments, is confidential and is > intended for view by the addressee only. > > Any views, opinions and judgements expressed are > solely those of the author and may not reflect those > > If you have received this message in error, or have > concerns about the use of this account, please > contact: postmaster@elliott-group.co.uk . > For more information about The Elliott Group Ltd, > please visit the Web site at http://www.elliott-group.co.uk > > This footnote also confirms that this e-mail message > has been swept by MIMEsweeper for the presence of > computer viruses. > ************************************************** ******** > --=20 Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616 Sourcefire: Intelligent Security Monitoring roesch@sourcefire.com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
