Snort Forums Archive
Snort-2.4.4/mysql/fc4 rpm not logging to mysql?
Posted by Kinetics on April 21, 2006 10:56:16
I installed the snort-2.4.4 rpm and snort-mysql-2.4.4 rpm from snort.org and then set up /etc/snort/snort.conf to have the output line to connect to mysql on a remote host, and then set up the mysql database/login/password on the remote host and added the schema. I also tested connection to the remote database via the mysql client and it was successful.
When starting snort using /etc/init.d/snortd start, it starts successfully and logs correctly to /var/log/snort/alerts, however no data gets logged into the MySQL database at all. I've tried running an nmap portscan on the machine, as well as running all nessus tests on the machine, and all the alerts/data get logged to disk just fine but never to the MySQL server.
I also double-checked to make sure the snort executable that's running is actually snort-mysql, and it is.
The only thing that seems like it might be fishy to me is the /etc/init.d/snortd file is starting snort like so:
/usr/sbin/snort -A fast -b -d -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
Are all these options (such as -b) compatible in combination with logging to a MySQL server? Any help would be appreciated!
Mike
Posted by zrd on May 09, 2006 07:38:56
Had a very similar problem. It turned out that the user (snort) must be properly authenticated by MySQL. Make sure you created user snort (snort%, snort@localhost, etc.) with all pertaining permissions. If you don't know the mysql command line, then something like "MySQL Administrator" will help you. Hope this helps.
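An added example, not part of the original thread: a MySQL account is matched on user name plus client host, so a check like the one suggested above can be run on the database server as shown here. The sensor address 192.0.2.10, the database name snort, the password placeholder and the privilege set are assumptions for illustration.

```sql
-- Constructed example; run on the remote MySQL server as an administrative user.
-- Assumed values: database `snort`, account name `snort`,
-- sensor address 192.0.2.10 (documentation range), placeholder password.

-- 1. List the existing snort accounts and the client hosts they match.
--    An entry for 'snort'@'localhost' alone does not match a remote sensor.
SELECT user, host FROM mysql.user WHERE user = 'snort';

-- 2. Create an account bound to the sensor's address instead of the
--    wildcard host '%', so the credentials are only usable from that host.
--    (Servers older than MySQL 5.0.2 create the account with
--    GRANT ... IDENTIFIED BY instead of CREATE USER.)
CREATE USER 'snort'@'192.0.2.10' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';

-- 3. Grant data privileges on the snort schema only. The exact set is an
--    assumption; no schema-changing or global privileges are given.
GRANT SELECT, INSERT, UPDATE, DELETE ON snort.* TO 'snort'@'192.0.2.10';

-- 4. Confirm what the sensor account can actually do.
SHOW GRANTS FOR 'snort'@'192.0.2.10';

-- 5. After generating test traffic, check whether events are arriving.
--    `event` is the alert table created by the Snort database schema.
SELECT COUNT(*) AS logged_events FROM snort.event;
```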