Snort mailing list archives

[REPOST] Snort not logging on MySql


From: "Di Fresco Marco" <superdif () infinito it>
Date: Fri, 30 Jan 2004 19:17:22 -0800

 
Hi all,
I am re-sending this message because in the previous attempt I used a
different e-mail address from the one I am using to be subscribed to the
list. So to the moderators: please disregard the previous e-mail and
forgive me.

I temporarily solved my previous problem ("Device didn't translate")
by setting in snort.conf the HOME_NET to my real IP address instead
of using (\Device\NPF_{18...3C}). At the moment Snort works, but I
have another problem.

Basically the problem is that Snort does not log on my MySql server.
I checked the archives of this ML and I also did a search on Google,
but the only two solutions I found were to try to drop the snort
database and recreate it, or to check the permissions of the snort
user to make sure it can write to the snort database; I tried both
solutions and they did not work (the implementation of the solutions
worked, but Snort still does not log).

Here is my environment:
WinXP Pro. (fully patched)
Snort 2.1.0
MySql 4.0.17
(all three pieces of software on the same standalone machine).

Here is an extract of my snort.conf:
var HOME_NET [My IP address]
var EXTERNAL_NET !$HOME_NET
...
var SQL_SERVERS $HOME_NET
...
output database: log, mysql, user=snort@localhost
password=SNORTPASWORD dbname=snort host=localhost encoding=ascii
detail=full ignore_dbf=0
(all in one line)

For the part (of snort.conf) where all the rules are listed, I
changed the path from relative ($RULE_PATH\) to absolute
(D:\Snort\rules\).

And here is the syntax I use to launch Snort: D:\Snort\bin\snort.exe
-c "D:\snort\etc\snort.conf" -l "D:\snort\Log" -A full -i 1 -I -d
-e -X
(all in one line)

Any suggestion?

Thanks in advance.



Di Fresco Marco
http://home.comcast.net/~superdif/



