Snort mailing list archives

v2.8.4 incorrect logging to MySQL


From: "Danny Paul" <JDPAUL () GoColumbiaMO com>
Date: Fri, 10 Apr 2009 11:52:13 -0500

It appears that version 2.8.4 does not properly log to MySQL. I have the following line in my config file (***** = redacted):

output database: log, mysql, user=***** password=***** dbname=snortdb host=localhost sensor_name=***** encoding=hex detail=full

The tables are empty when snort is started.

When I start snort, it does start making entries into the event, tcphdr, iphdr, and data tables. However, it never makes an entry for itself in the sensor table and never inserts anything into the signature table. That means that there is no way to correlate events to the sensor that generated them or the signature triggering the alert. I logged all MySQL queries to confirm this behavior. Snort will query the sensor and signature tables but never inserts. What could be the cause of this?


Particulars:
OpenSuSE 11.1
Snort 2.8.4
MySQL 5.0.67
Phil Wood's libpcap ver:0.9.8.20081128


Snort compiled from source using configuration directives:
--with-mysql 
--enable-dynamicplugin 
--with-libpcap-libraries=/usr/local/lib 
--with-libpcap-includes=/path/to/libpcap-0.9.8.20081128



Thanks,
Danny Paul

