Re: [Snort-users] An acid problem.
From: kinux (kinux@hknet.com)
Date: Fri Sep 24 2004 - 13:45:11 CDT
In snort.conf, I have chosen to use mysql:
# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
output database: log, mysql, user=snort password=123454 dbname=snort host=localhost
----- Original Message -----
From: Gould, Scott
To: snort-users@lists.sourceforge.net
Sent: Friday, September 24, 2004 3:32 PM
Subject: RE: [Snort-users] An acid problem.
My 1st thought would be to check your snort.conf file for the appropriate output plug-in configuration. You need to tell snort to log to your mysql db, via an output db plug-in line in your snort.conf file.
The documentation at snort.org and the snort.conf file give examples of database output logging.
This is, however, a method that may not be able to keep up with high bandwidth. You may want to consider a flow like this if you have high bandwidth pipes you're monitoring:
Snort logs to binary log file
Barnyard monitors binary log file, and does inserts into mysql db
Lots of information about barnyard can be found in the various setup docs available at snort.org, and by searching the archives of this list.
My best advice, only being at this for a year or so myself, is to start simple (which you're doing :)), get your current setup working, then look to tune performance down the road.
Hope this helps.
Scott Gould, MCP
Senior Network & Systems Analyst
Gynecologic Oncology Group
Statistical & Data Center
sgould@gogstats.org
716-845-5702
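Scott's advice above amounts to "make sure an active, complete output database line for mysql exists in snort.conf". The following is an added example, not code from the thread or from the Snort project, that parses a snort.conf fragment for exactly that line format and reports the common reasons ACID would see an empty database (no line at all, line commented out, missing parameters); the sample config text is constructed.

```python
import re

# Constructed sample snort.conf fragment: the database line is commented out,
# which is one of the ways ACID ends up showing zero alerts.
SAMPLE_CONF = """\
# database: log to a variety of databases
# output database: log, mysql, user=snort password=123454 dbname=snort host=localhost
output alert_fast: alert.ids
"""

OUTPUT_DB_RE = re.compile(r"^\s*output\s+database:\s*(.+)$")
REQUIRED = ("user", "dbname", "host")   # parameters the page's example line carries


def parse_output_database(line):
    """Parse one 'output database: <facility>, <dbtype>, k=v ...' line.

    Returns (facility, dbtype, params) or None if the line is not one.
    """
    m = OUTPUT_DB_RE.match(line)
    if not m:
        return None
    parts = [p.strip() for p in m.group(1).split(",", 2)]
    if len(parts) != 3:
        return None
    facility, dbtype, rest = parts
    params = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return facility, dbtype, params


def check_snort_conf(text):
    """Return (will_log_to_mysql, findings) for a snort.conf text."""
    findings, active = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if stripped.startswith("#"):
            if "output database:" in stripped:
                findings.append(f"line {lineno}: output database line is commented out")
            continue
        parsed = parse_output_database(stripped)
        if parsed is None:
            continue
        facility, dbtype, params = parsed
        if dbtype != "mysql":
            findings.append(f"line {lineno}: database type is {dbtype!r}, not mysql")
            continue
        missing = [k for k in REQUIRED if k not in params]
        if missing:
            findings.append(f"line {lineno}: missing parameter(s): {', '.join(missing)}")
            continue
        if "password" in params:
            # Not a logging failure, but worth noting: the DB password sits in
            # cleartext in snort.conf, so keep that file's permissions tight.
            findings.append(f"line {lineno}: cleartext DB password in snort.conf")
        active.append((facility, params))
    if not active:
        findings.insert(0, "no active 'output database: ..., mysql, ...' line; ACID will find no alerts")
    return bool(active), findings
```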
------------------------------------------------------------------------------
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of kinux
Sent: Friday, September 24, 2004 2:10 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] An acid problem.
Hi,
I installed snort, mysql, acid by ports on a freebsd box.
When I try to display Alert Listing: 15 Last Alerts, there is nothing shown on the screen, as follows. What's the problem?
ACID
Alert Listing: 15 Last Alerts Home
Search | AG Maintenance
[ Back ]
Added 0 alert(s) to the Alert cache
Queried DB on : Fri September 24, 2004 10:22:20 Meta Criteria any
IP Criteria any
Layer 4 Criteria none
Payload Criteria any
Displaying 15 Last Alerts
Thanks.