Re: [Snort-users] postgresql

From: Bryan Irvine (bryan.irvinekingcountyjournal.com)
Date: Wed Jul 02 2003 - 13:57:27 CDT


I ran this command (with my variables replaced for yours) and got an
error that postgres wasn't even compiled in!! eek! *Do'h!*

I did a recompile --with-postgresql and now it doesn't come back with
any errors. I see these at start time

#######################
database: compiled support for ( postgresql )
database: configured to use postgresql
database: user = admin
database: password is set
database: database name = snort
database: host = monitor.horvitznewspapers.net
database: sensor name = 192.233.103.186
database: sensor id = 1
database: schema version = 106
database: using the "log" facility
#######################

*yay*

I have it running now, I will check back shortly to see if the db is
populating.

--Bryan

On Wed, 2003-07-02 at 11:29, Jason K. Boykin wrote:
> I'm using
> /usr/local/bin/snort -u snort -o -b -l /var/log/snort -d -D -i $INTERFACE -c
> /etc/snort/snort.conf
> Although I'm logging it to localhost.
>
> snort.conf
>
> Under alert_syslog: I've got
> output alert_fast: alert
> You could specify full here
>
> Under database: I'm using
> output database: alert, postgresql, dbname=snort user=snort password=xxx
> host=localhost port=5432
> try changing host to the ip you're wanting to log to and the rest of the info
> needs to be correct.
>
> Here is a snippet from pg_hba.conf that you will need to modify to allow your
> snort machine to log to the database machine but it sounds like you already
> did this.
> # Put your actual configuration here
> # ----------------------------------
> # This default configuration allows any local user to connect as any
> # PostgreSQL username, over either UNIX domain sockets or IP:
> local all trust
> host all 127.0.0.1 255.255.255.255 trust
>
> Hope this helps!
>
> On Wednesday 02 July 2003 12:36 pm, Bryan Irvine wrote:
> > I'm trying to do remote logging with a postgresql db.
> >
> > I've configured postgres, and can log in remotely, all the tables have
> > been created (via the create_postgresql script), I can log in run sql
> > commands but can't figure out how to get snort to log to it. I've tried
> > output database: alert, mysql, user=username dbname=snort host=hostname
> > output database: log, mysql, user=username dbname=snort host=hostname
> > output database: alert, mysql, user=username password=password \
> > dbname=snort host=hostname
> >
> > The snort command I'm running is
> >
> > snort -i xl1 -A FULL -c /usr/local/share/snort/snort.conf -l
> > /var/www/htdocs/snort/xl1
> >
> > I've tried without the -l option (thinking maybe it can't log to a
> > directory and db at the same time) but then I get an error that
> > /var/snortsomething doesn't exist.
> >
> > Any ideas? This seems like I'm so close...
> >
> > --Bryan
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> Data Reports, E-commerce, Portals, and Forums are available now.
> Download today and enter to win an XBOX or Visual Studio .NET.
> http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
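
An added example, not part of either poster's message and not Snort's own code: a small Python check for the `output database:` directives discussed in this thread. It flags a database type that does not match the deployed server (the `mysql` lines written for a PostgreSQL database), a directive with no password, and a non-local host that needs a matching pg_hba.conf entry on the database machine. The function names, finding labels and sample text are constructed for illustration.

```python
import re

LOCAL_HOSTS = {"localhost", "127.0.0.1"}
DIRECTIVE = re.compile(r"output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")

# Constructed sample: the directives quoted in the thread, gathered in one file.
SAMPLE = """\
# constructed snort.conf fragment
output database: alert, mysql, user=username password=password \\
dbname=snort host=hostname
output database: log, mysql, user=username dbname=snort host=hostname
output database: alert, postgresql, dbname=snort user=snort password=xxx host=localhost port=5432
"""


def parse_output_database(text):
    """Return one dict per 'output database:' directive in snort.conf text."""
    # Join lines continued with a trailing backslash before parsing.
    text = re.sub(r"\\[ \t]*\n[ \t]*", " ", text)
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            facility, dbtype, rest = m.groups()
            params = dict(p.split("=", 1) for p in rest.split() if "=" in p)
            directives.append({"facility": facility, "type": dbtype, "params": params})
    return directives


def lint(text, server_type):
    """Return (directive_number, finding) pairs; server_type is the DB actually deployed."""
    findings = []
    for n, d in enumerate(parse_output_database(text), start=1):
        params = d["params"]
        if d["type"] != server_type:
            findings.append((n, "type-mismatch"))  # e.g. mysql written for a PostgreSQL server
        if "password" not in params:
            findings.append((n, "no-password"))  # works only if the server admits this user without one
        if params.get("host", "localhost") not in LOCAL_HOSTS:
            findings.append((n, "remote-host"))  # database machine's pg_hba.conf must allow the sensor
    return findings


if __name__ == "__main__":
    for n, finding in lint(SAMPLE, "postgresql"):
        print(f"directive {n}: {finding}")
```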
