I've been using snort 2.4 and decided to upgrade to 2.6.1.1. Though I
included the "--with-mysql" directive when running configure, snort
fails to send anything to my database. The output directive in the
snort.conf reads like "output database: log, mysql, user=dbsnort
dbname=snortdb host=1.1.1.1".
When snort is started, it doesn't complain about any problems, starts
just fine, and adds alerts to the alert file. However, a tcpdump shows
that not a single packet is being sent to the database server. There
are no other output directives in my configuration file and the previous
snort sensor had almost the same exact configuration. Anyone have a
suggestion on what the problem could be?
I briefly had barnyard configured and was using the unified output.
Barnyard had no issues sending data to the database. I was having
issues with Base working correctly, but that is another issue. I
mention this to show that the database server is accepting data from the
server with no problems.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
|