| Subject: | RE: [Snort-users] Snort 2.x does not logs into MySQL |
|---|---|
| Date: | Fri, 29 Oct 2004 20:23:48 -0700 |
There needs to be something that will trigger an alert in order for there to be something in there.

Try adding these to a file called test.rules and edit your snort.conf to load the new rule set:

    alert icmp any any -> any any
    alert tcp any any -> any any

Then add a -o to your snort run line.

Then restart Snort and do some browsing of the web and you should get a LOT of alerts.

You can do a tcp dump of port 3306 on your MySQL server to see if there are any alerts getting through.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org
-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Esler, Joel - Contractor
Sent: Friday, October 29, 2004 11:47 AM
To: linux2003; snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Snort 2.x does not logs into MySQL

Do you have the ICF enabled on your SP2 WinXP machine?

J

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of linux2003
Sent: Tuesday, October 26, 2004 12:28 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Snort 2.x does not logs into MySQL

Hi everyone,

I have set up a Snort w/MySQL on Windows XP SP2 machine with no problem. However when I run the Snort no logs are logged into database. Database setting as well as the conf file looks fine and OK. Any idea what I am missing here ??

---

    Running in packet dump mode
    Log directory = log

    Initializing Network Interface \Device\NPF_{1689EEEC-0514-41E1-BFCF-F172473E95C0}

            --== Initializing Snort ==--
    Initializing Output Plugins!
    Decoding Ethernet on interface \Device\NPF_{1689EEEC-0514-41E1-BFCF-F172473E95C0}

            --== Initialization Complete ==--

    -*> Snort! <*-
    Version 2.2.0-ODBC-MySQL-FlexRESP-WIN32 (Build 30)
    By Martin Roesch (roesch@sourcefire.com, www.snort.org)
    1.7-WIN32 Port By Michael Davis (mike@datanerds.net, www.datanerds.net/~mike)
    1.8 - 2.x WIN32 Port By Chris Reid (chris.reid@codecraftconsultants.com)

    Snort sucessfully loaded all rules and checked all rule chains!
    Snort exiting

--------------

No logs in MySQL at all ...

Thanks for your input,
Roman
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
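Added example (not part of the thread and not WINSNORT or Snort project code): a small pre-flight check for the setup discussed above, confirming that snort.conf has an active database output and actually loads test.rules, and reporting the run mode from the startup banner. The function names and sample config are constructed; it assumes Snort 2.x `output database:` / `include` syntax and that a rules-enabled run prints "Running in IDS mode".

```python
import re

# Constructed sample inputs. Only the "Running in packet dump mode" line
# is taken from the banner quoted in the thread.
SAMPLE_CONF = """\
var HOME_NET any
# output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
include classification.config
#include test.rules
"""
SAMPLE_BANNER = "Running in packet dump mode\nLog directory = log\n"


def active_lines(conf_text):
    """Yield non-blank config lines that are not commented out."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line


def check_setup(conf_text, banner_text, rules_file="test.rules"):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    lines = list(active_lines(conf_text))

    # 1. An uncommented database output plugin line that names mysql.
    outputs = [l for l in lines if re.match(r"output\s+database\s*:", l)]
    if not outputs:
        findings.append("no active 'output database:' directive")
    elif not any(re.search(r"\bmysql\b", l) for l in outputs):
        findings.append("database output is not set to mysql")

    # 2. The test rule file must be pulled in by an active include line.
    includes = [l.split(None, 1)[1].strip()
                for l in lines if re.match(r"include\s+\S", l)]
    if not any(re.split(r"[\\/]", p)[-1] == rules_file for p in includes):
        findings.append(f"{rules_file} is not included")

    # 3. Assumption: a run with rules loaded reports "IDS" as its mode.
    mode = re.search(r"Running in (.+?) mode", banner_text)
    if mode and mode.group(1) != "IDS":
        findings.append(f"banner reports '{mode.group(1)}' mode, not IDS mode")
    return findings


if __name__ == "__main__":
    for finding in check_setup(SAMPLE_CONF, SAMPLE_BANNER):
        print("CHECK:", finding)
```

Once all three checks pass, the capture on port 3306 suggested in the reply shows whether alert rows are actually reaching the MySQL server.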