
Re: [Snort-sigs] how to see the log from database

Subject: Re: [Snort-sigs] how to see the log from database
Date: Thu, 9 Sep 2004 23:03:47 -0700 (PDT)
Neha:

If the command you referenced below is what you are
using...you should add a space between the configure
and with mysql....like so:

./configure --with-mysql=DIR

DIR=/usr (if this is where mysql is located, i.e.
/usr/mysql). I normally run the configure and make as
a normal user...and then su -c "make install"...which
will prompt you for the root password to run the
installation script. YMMV.

Also...did you grant proper permissions for the snort
user on your mysql database? If the snort user doesn't
have proper permissions, it won't be able to insert,
query, etc data. It looks from your config that you
are connecting to mysql as root, however, so this
shouldn't be an issue.

Another area to look...snort may be relying on
localhost:3306 to be bound (since snort normally runs
on a remote sensor...it would probably require the
ability to connect to port 3306 on the host that runs
mysql). Make sure that mysql/snort are able to talk on
localhost:3306 (especially if mysql is not configured
to use sockets). Also, snort.conf should specify a
port no if you are connecting via ports instead of
sockets.

The doc directory in the snort source has a
README.database to check out that might help narrow
down your troubleshooting.



--- neha agrawal <nehavrce@yahoo.co.in> wrote:

hello!
        what i did is downloaded version 2.1.3 and
configured it for mysql support..

#./configure--with-mysql=/usr

make , make install

then in snort.conf

output database: alert, mysql, user=root password=beginwithsmile dbname=snort host=localhost

(above being a single line..)


then 

#snort -c snort.conf -r s2.trace


where s2.trace is trace file got from tcpdump


the output shown on console is attached as a file..

it executes properly .. and shows that 
ALERTS =17
LOGGED =17

but when i see the tables in snort database by
logging in as user root in database with same password
as in .conf file.. i see all tables are empty..

why??

why are these tables not filled??

is there some other command to see the log from
database

I'm missing some trivial thing??

i am new user of snort please help me out


i am attaching output of my snort run as attachment



                    thanks
                                neha


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
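
A small pre-flight check for the points raised in the reply above, added here as an example; it is not part of the original thread or of Snort. It reads the `output database:` line of a snort.conf and reports a missing dbname= (for instance when the directive was wrapped across lines), a root login, host= without port=, and a world-readable file holding the password. The function names, finding codes and the CHANGEME sample are illustrative, and the root-login and file-permission checks are assumptions about good practice that go beyond what the reply says.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: audit the "output database:" line of a
# snort.conf against the points raised in the reply.

# Print the value of parameter $2 found in directive text $1 (empty if absent).
param() {
    printf '%s\n' "$1" | tr ' ,\t' '\n\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# audit_db_output FILE: print one finding per line; return 0 only if none.
audit_db_output() {
    local conf="$1" line params n=0
    line=$(grep -E '^[[:space:]]*output[[:space:]]+database:' "$conf" | head -n 1)
    if [ -z "$line" ]; then
        echo "NO_DIRECTIVE: no active 'output database:' line in $conf"
        return 1
    fi
    params=${line#*database:}
    if [ -z "$(param "$params" dbname)" ]; then
        echo "NO_DBNAME: dbname= is not on the directive line; was the line wrapped?"
        n=$((n + 1))
    fi
    if [ "$(param "$params" user)" = root ]; then
        echo "ROOT_USER: sensor logs in as MySQL root; use an account granted only what it needs"
        n=$((n + 1))
    fi
    if [ -n "$(param "$params" host)" ] && [ -z "$(param "$params" port)" ]; then
        echo "NO_PORT: host= without port=; state the port when connecting over TCP"
        n=$((n + 1))
    fi
    if [ -n "$(param "$params" password)" ] && [ -n "$(find "$conf" -perm -004)" ]; then
        echo "WORLD_READABLE: $conf holds a database password and is readable by all users"
        n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample: the directive on one line, root over TCP, no port given.
sample=$(mktemp)
printf '%s\n' 'output database: alert, mysql, user=root password=CHANGEME dbname=snort host=localhost' > "$sample"
chmod 644 "$sample"
audit_db_output "$sample" || true
rm -f "$sample"
```

A clean result here only means the directive is well formed; whether rows actually arrive still has to be confirmed against the database itself.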
