Snort mailing list archives
DB Problem (long lines)
From: Jan Gruber <jan.gruber () pollux primacom net>
Date: Fri, 16 May 2003 12:24:41 +0200
Hi!
I'm nearly at the point of banging my head against the wall.
Hopefully somebody can prevent that.
I get alerts logged into syslog, but not into mysql.
The snort user has all needed perms in the db, I tested it from the mysql console.
He can insert, delete, create, update, index etc. in the snort db.
INSERT INTO event ... works OK from the command line.
* Config:
FreeBSD 4.8
Snort 2.0.0 (plain source or patched for port-build, makes no difference)
- compiled with mysql support, double-checked that
- snort conf output plugins
output database: alert, mysql, user=snortuser password=snortpasswd dbname=snort host=localhost sensor_name=sensor
output alert_syslog: LOG_AUTH LOG_ALERT
mysql Ver 3.23.55 for portbld-freebsd4.8
snort cmdline:
/usr/local/bin/snort -u snort -g snort -D -I -i dc0 -N -c /usr/local/etc/snort/snort.conf
mysql log on snort startup:
030516 10:57:11 14 Connect snort@localhost on snort
14 Query SELECT sid FROM sensor WHERE hostname = 'xxx.xxx.xxx.xxx' AND interface = 'fxp0' AND detail = '1' AND encoding = '0' AND filter IS NULL
14 Query SELECT last_cid FROM sensor WHERE sid = '5'
14 Query SELECT MAX(cid) FROM event WHERE sid = '5'
14 Query SELECT vseq FROM schema
030516 10:57:12 15 Connect snort@localhost on snort
15 Query SELECT sid FROM sensor WHERE hostname = 'xxx.xxxxxxxx.xxx:dc0' AND interface = 'dc0' AND detail = '1' AND encoding = '0' AND filter IS NULL
15 Query SELECT last_cid FROM sensor WHERE sid = '1'
15 Query SELECT MAX(cid) FROM event WHERE sid = '1'
15 Query SELECT vseq FROM schema
030516 10:57:13 16 Connect snort@localhost on snort
16 Query SELECT sid FROM sensor WHERE hostname = 'xxx.xxxxxxxx.xxx:dc1' AND interface = 'dc1' AND detail = '1' AND encoding = '0' AND filter IS NULL
16 Query SELECT last_cid FROM sensor WHERE sid = '2'
16 Query SELECT MAX(cid) FROM event WHERE sid = '2'
16 Query SELECT vseq FROM schema
Obviously the mysql connect is OK, but no alerts get logged into the database.
Any hint is appreciated.
TIA
Jan
--
Jan Gruber Primacom AG
Central Systems
Office: +49 (341) 609 524 53
Fax: +49 (341) 609 525 17
cat /dev/world | perl -e "while (<>) {(/(^.*?\?) 42\!/) && (print $1)}"
errors->(c)
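A diagnostic for the situation described in this mail, as an added example that is not part of the original post, of Snort, or of MySQL: it parses MySQL 3.23-style general query log lines per connection id and reports connections that ran the Snort sensor/schema bootstrap queries (SELECT sid FROM sensor ..., SELECT vseq FROM schema) but never issued an INSERT INTO event, which is exactly the pattern the quoted log shows. The sample log is constructed here, modelled on the quoted format; the hostnames, connection ids and the INSERT statements are assumptions, not the real Snort database schema.

```python
import re
from collections import defaultdict

# Constructed sample in the MySQL 3.23 general query log format quoted in the
# post: "YYMMDD HH:MM:SS  <conn-id> <Command> <Argument>", with the timestamp
# omitted on lines that share the previous line's second. Hostnames and the
# INSERT statements are made up for this example (not the real Snort schema).
SAMPLE_LOG = """\
030516 10:57:11      14 Connect     snort@localhost on snort
                     14 Query       SELECT sid FROM sensor WHERE hostname = 'sensor-a' AND interface = 'fxp0' AND detail = '1' AND encoding = '0' AND filter IS NULL
                     14 Query       SELECT last_cid FROM sensor WHERE sid = '5'
                     14 Query       SELECT MAX(cid) FROM event WHERE sid = '5'
                     14 Query       SELECT vseq FROM schema
030516 10:57:12      15 Connect     snort@localhost on snort
                     15 Query       SELECT sid FROM sensor WHERE hostname = 'sensor-b:dc0' AND interface = 'dc0' AND detail = '1' AND encoding = '0' AND filter IS NULL
                     15 Query       SELECT last_cid FROM sensor WHERE sid = '1'
                     15 Query       SELECT MAX(cid) FROM event WHERE sid = '1'
                     15 Query       SELECT vseq FROM schema
030516 10:58:40      15 Query       INSERT INTO event (sid, cid, signature, timestamp) VALUES ('1', '1', '7', '2003-05-16 10:58:40')
                     15 Query       INSERT INTO iphdr (sid, cid, ip_src, ip_dst) VALUES ('1', '1', '167772161', '167772162')
030516 11:02:03      14 Quit
"""

# One general-log line: optional timestamp, connection id, command, argument.
LINE_RE = re.compile(
    r"^(?:(?P<ts>\d{6}\s+\d{1,2}:\d{2}:\d{2}))?\s*"
    r"(?P<conn>\d+)\s+(?P<cmd>[A-Za-z_]+)\s*(?P<arg>.*)$"
)

# Table name of an INSERT statement (backticks optional).
INSERT_RE = re.compile(r"^INSERT\s+INTO\s+`?(\w+)`?", re.IGNORECASE)


def parse_general_log(text):
    """Return a list of (conn_id, command, argument) tuples.

    Lines that do not have the general-log shape (e.g. the banner MySQL
    writes when the log is opened) are skipped rather than raising.
    """
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        entries.append((int(m.group("conn")), m.group("cmd"), m.group("arg").strip()))
    return entries


def audit_connections(entries):
    """Per connection id: did it run the sensor bootstrap, and what did it write?"""
    report = defaultdict(lambda: {"connect": False, "bootstrap": False,
                                  "inserts": 0, "tables": set()})
    for conn, cmd, arg in entries:
        rec = report[conn]
        if cmd == "Connect":
            rec["connect"] = True
        elif cmd == "Query":
            if arg.upper().startswith("SELECT SID FROM SENSOR"):
                rec["bootstrap"] = True
            m = INSERT_RE.match(arg)
            if m:
                rec["inserts"] += 1
                rec["tables"].add(m.group(1).lower())
    return dict(report)


def stalled_connections(entries):
    """Connection ids that ran the Snort sensor bootstrap but never wrote an event row."""
    return sorted(conn for conn, rec in audit_connections(entries).items()
                  if rec["bootstrap"] and "event" not in rec["tables"])


if __name__ == "__main__":
    parsed = parse_general_log(SAMPLE_LOG)
    for conn, rec in sorted(audit_connections(parsed).items()):
        print(f"conn {conn}: bootstrap={rec['bootstrap']} inserts={rec['inserts']} "
              f"tables={sorted(rec['tables'])}")
    print("bootstrap but no event rows:", stalled_connections(parsed))
```

Run it against a real general log (MySQL's `log` option) covering a period in which syslog shows alerts firing: a connection that appears in the stalled list has completed plugin initialisation, so the problem lies between alert generation and the plugin's insert path rather than in credentials or schema access, which narrows what to check next.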
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users