[Snort-users] mysql on another box?
This is a discussion on [Snort-users] mysql on another box? within the Snort forums, part of the System Security and Security Related category; --0-947536552-1093962509=:93775 Content-Type: text/plain; charset=us-ascii I am trying to get snort to log to ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-31-2004
|
|||
|
|||
[Snort-users] mysql on another box?
--0-947536552-1093962509=:93775
Content-Type: text/plain; charset=us-ascii I am trying to get snort to log to another box that has MySQL on it and the box that has Snort does not have MYSQL. It does not seem to be logging to it. I get the following error when I start Snort w/ snort -c /etc/snort/snort.conf: Initializing rule chains... database: compiled support for ( ) database: configured to use mysql database: 'mysql' support is not compiled into this build of snort Do I still have to have MYSQL running on the sensor even though tit is logging somewhere else? Here is what I put in snort.conf to tell it to log to the other box: output database:log,mysql,user=snort password=Ournetwork* dbname=root host=10.25 5.55.11 Cheers, Lawrence A. Wichman2719 W ThomasApt 2 Chicago Il, 60622 773.807.7606 __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --0-947536552-1093962509=:93775 Content-Type: text/html; charset=us-ascii <DIV>I am trying to get snort to log to another box that has MySQL on it and the box that has Snort does not have MYSQL. It does not seem to be logging to it. I get the following error when I start Snort w/ snort -c /etc/snort/snort.conf:</DIV> <DIV> </DIV> <DIV> <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">Initializing rule chains...<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN></FONT></P> <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">database: compiled support for ( )<o:p></o:p></SPAN></FONT></P> <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">database: configured to use mysql<o:p></o:p></SPAN></FONT></P> <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">database: 'mysql' support is not compiled into this build of snort</SPAN></FONT></P> <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"></SPAN></FONT> </P> <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">Do I still have to have MYSQL running on the sensor even though tit is logging somewhere else?</SPAN></FONT></P> <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">Here is what I put in snort.conf to tell it to log to the other box:</SPAN></FONT></P><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"> <P class=MsoNormal><FONT face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">output database:log,mysql,user=snort password=Ournetwork* dbname=root host=10.25<o:p></o:p></SPAN></FONT></P> <P class=MsoNormal><FONT face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">5.55.11<o:p></o:p></SPAN></FONT></P></SPAN></FONT> <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"></SPAN></FONT> </P> <P class=MsoNormal><FONT face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P> </DIV><BR><BR><DIV> <DIV> <DIV> <DIV> <DIV> <ADDRESS><FONT size=4>Cheers,<BR></FONT></ADDRESS> <ADDRESS><FONT size=4>Lawrence A. Wichman</FONT></ADDRESS> <ADDRESS><FONT size=4>2719 W Thomas</FONT></ADDRESS> <ADDRESS><FONT size=4>Apt 2<BR></FONT><FONT size=4>Chicago<BR></FONT><FONT size=4>Il, 60622<BR></FONT><FONT size=5>773.807.7606<BR></ADDRESS></FONT></DIV></DIV></DIV></DIV></DIV><p>___________________________________________ _______<br>Do You Yahoo!?<br>Tired of spam? Yahoo! Mail has the best spam protection around <br>http://mail.yahoo.com --0-947536552-1093962509=:93775-- ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
