Snort mailing list archives
RE: Snort Logging on Linux but NOT to MYSQL on windows
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Thu, 13 Feb 2003 13:45:04 -0500
Did you just restart this MySQL instance? From the status information you
sent (e.g., Uptime), it appears that this MySQL instance was just started.
What we need to see is the MySQL status information *after* Snort has been
running a while, and actively logging alerts to the /var/log/snort/alerts
file. Since you are using both the alert and log facilities in Snort, every
alert generated to the /var/log/snort/alert file should also generate an
entry in the MySQL database. Let Snort run a day or so, then send us the
MySQL status information.
Also, you should be able to connect locally to your MySQL server as 'root',
use 'show full processlist\G' command, and see an active connection for your
Snort sensor. My process list looks like:
*************************** 1. row ***************************
Id: 64
User: snort
Host: winnt4sensor.mydomain.com
db: snort
Command: Sleep
Time: 7824
State:
Info: NULL
*************************** 2. row ***************************
Id: 71
User: snort
Host: win2ksensor.mydomain.com
db: snort
Command: Sleep
Time: 163312
State:
Info: NULL
As you can see, my two Snort sensors are actively connected to the MySQL
'snort' database as the 'snort' user. You should see something similar.
I kinda wish you were "next door" so that I could get a hands on, but I
don't suppose that you're in the northern Virginia, USA, area are you?
- Christopher
-----Original Message-----
From: mike Hughes [mailto:mikehughes013 () hotmail com]
Sent: Thursday, February 13, 2003 5:52 AM
To: bkarnold () cbu edu; CLuther () Xybernaut com; erek () snort org;
snort-users () lists sourceforge net
Subject: RE: Snort Logging on Linux but NOT to MYSQL on windows
hey this is with my fresh INSTALL: Here are the commands' output: status and
variables: I know snort started properly on LINUX because I checked
/var/log/messages and it did connect to the Windows machine because I checked
netstat and my firewall says it connected, established 192.168.0.1 to
192.168.0.69 port 3306. Kerio says it received 3016 bytes of data from
192.168.0.1 but nothing more: There are tables in the snort database: Not sure
why it's not logging
[snip... snip... snip...]
| Uptime | 170 |
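Christopher's point above is that with both the alert and database output facilities enabled, every entry in /var/log/snort/alert should have a matching row in the MySQL database, so the two can be reconciled. The script below is an added example, not part of the thread or of Snort itself. It parses the `[**] [gid:sid:rev] msg [**]` header lines that both the full and fast alert formats emit, counts alerts per signature, and compares them to per-signature counts from the database side; the database counts are passed in as a plain dict so the script runs offline, and the SQL shown for producing them assumes the classic Snort schema (`event.signature` joining `signature.sig_id`, with `sig_gid` present on schemas that carry it). The sample alert file contents are constructed, not real traffic.

```python
"""Reconcile the Snort alert file with what reached the MySQL 'snort' database.

Added example, not from the mailing-list thread. The alert text below is a
constructed sample in the 'alert_full' header style; only the
'[**] [gid:sid:rev] msg [**]' line is parsed, so 'alert_fast' output works too.
Database-side counts are passed in as a dict (e.g. produced by DB_COUNT_SQL)
so this runs without a MySQL connection.
"""
import re
from collections import Counter

# Constructed sample of /var/log/snort/alert (full format). Not real traffic.
SAMPLE_ALERT_FILE = """\
[**] [1:1000001:1] LOCAL test probe to MySQL [**]
[Classification: Attempted Information Leak] [Priority: 2]
02/13-05:52:11.123456 192.168.0.1:41234 -> 192.168.0.69:3306
TCP TTL:64 TOS:0x0 ID:4321 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x16D0  TcpLen: 40

[**] [1:1000001:1] LOCAL test probe to MySQL [**]
[Classification: Attempted Information Leak] [Priority: 2]
02/13-05:52:12.223456 192.168.0.1:41235 -> 192.168.0.69:3306
TCP TTL:64 TOS:0x0 ID:4322 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1A2B3C5E  Ack: 0x0  Win: 0x16D0  TcpLen: 40

[**] [1:1000002:3] LOCAL ICMP ping [**]
[Classification: Misc activity] [Priority: 3]
02/13-05:53:01.000001 192.168.0.5 -> 192.168.0.1
ICMP TTL:128 TOS:0x0 ID:100 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:1  ECHO
"""

# One alert header: "[**] [gid:sid:rev] message [**]"
HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]\s*$")


def count_alerts(text):
    """Return a Counter keyed by (gid, sid) over the alert header lines in text."""
    counts = Counter()
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            gid, sid = int(m.group(1)), int(m.group(2))
            counts[(gid, sid)] += 1
    return counts


# Query to run on the MySQL side to get the same per-signature counts.
# Assumes the classic Snort schema where event.signature = signature.sig_id;
# sig_gid is an assumption for schemas that carry it (older ones have only sig_sid).
DB_COUNT_SQL = """
SELECT s.sig_gid, s.sig_sid, COUNT(*) AS n
FROM event e JOIN signature s ON e.signature = s.sig_id
GROUP BY s.sig_gid, s.sig_sid;
"""


def reconcile(file_counts, db_counts):
    """Return {(gid, sid): (in_file, in_db)} for every signature whose counts differ.

    An empty dict means the alert file and the database agree.
    """
    gaps = {}
    for key in set(file_counts) | set(db_counts):
        in_file, in_db = file_counts.get(key, 0), db_counts.get(key, 0)
        if in_file != in_db:
            gaps[key] = (in_file, in_db)
    return gaps


if __name__ == "__main__":
    file_counts = count_alerts(SAMPLE_ALERT_FILE)
    # Constructed database-side result: nothing recorded, as in the thread.
    db_counts = {}
    for (gid, sid), (in_file, in_db) in sorted(reconcile(file_counts, db_counts).items()):
        print(f"{gid}:{sid}  alert file={in_file}  database={in_db}")
```

In practice you would read the real /var/log/snort/alert into `count_alerts`, run `DB_COUNT_SQL` against the snort database, build `db_counts` from the result rows, and call `reconcile`; any signature that appears in the file but not in the database points at the database output plugin rather than at the sensor or the network path, which is the distinction the thread is trying to make.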
Current thread:
- Snort Logging on Linux but NOT to MYSQL on windows mike Hughes (Feb 11)
- Re: Snort Logging on Linux but NOT to MYSQL on windows Erek Adams (Feb 12)
- RE: Snort Logging on Linux but NOT to MYSQL on windows Vicky Mair (Feb 12)
- <Possible follow-ups>
- RE: Snort Logging on Linux but NOT to MYSQL on windows L. Christopher Luther (Feb 12)
- RE: Snort Logging on Linux but NOT to MYSQL on windows mike Hughes (Feb 13)
- Re: RE: Snort Logging on Linux but NOT to MYSQL on windows Erek Adams (Feb 13)
- RE: Snort Logging on Linux but NOT to MYSQL on windows L. Christopher Luther (Feb 13)
