This is a discussion on [Snort-users] Logging to MySQL from Snort (Honeywall CD) within the Snort forums, part of the System Security and Security Related category.
Hello.

I’m trying to get Snort on my honeywall to log against an external mySQL-database. I’ve added this line to /etc/snort/snort.conf:

output database: log, mysql, user=snort_user password=******* dbname=snort_db host=*******

I’ve set up the mysql-server (and know it’s working, since I’m already running another snort-process from a different IDS-sensor against it), and the honeywall-logs tell me that the Snort/MySQL-handshake is completed after Snort is restarted.

My question is then: Why isn’t Snort sending data to the database? Snort is running and generating regular logs in /var/log/snort/xxx/, but nothing is sent to the external database. Port 3306 is open, but there is no traffic going out of the honeywall-GW on it.

Thank you.

Kind regards
Christian