Hey All!
So I originally had my BASE and snort mysql db on the same box...all went
well. I decided to move the mysql install and db to a Mac OSX machine. I
"thought" all went well. Here's the issue I'm having:
My rc.snort script (running on slackware 10.1) has:
/usr/local/bin/snort -i eth1 -D -o -c /etc/snort/snort.conf "ip and not udp
port 4500"
as the startup line. If this is run manually things go fine...snort starts
and logs to mysql. Here is an update script that I use to grab bleeding
rules:
#!/bin/bash
cd /home/jlay/
wget http://www.bleedingsnort.com/bleeding.rules.tar.gz
tar zxvf bleeding.rules.tar.gz
cp -v rules/bleeding*.rules /etc/snort/rules/
cat /etc/snort/sid-msg.map.orig /home/jlay/rules/bleeding-sid-msg.map
/etc/snort/sid-msg.map.gateway | sort -u > /etc/snort/sid-msg.map
/etc/rc.d/rc.snort stop
/etc/rc.d/rc.snort start
rm /home/jlay/bleeding.rules.tar.gz
This daily job is run as root at 4:20 AM. When this is run, snort starts
and connects to the mysql db, but it doesn't log anything. CAN I GET A WHAT
THE HECK OVER. Does anyone have a clue on why this would be like this? The
user the db uses is snort with all permissions. ODD. Thanks all!
James Lay
Network Manager/Security Officer
AmeriBen Solutions/IEC Group
Deo Gloria!!!
-------------------------------------------------------
SF.Net email is sponsored by: Tell us your software development plans!
Take this survey and enter to win a one-year sub to SourceForge.net
Plus IDC's 2005 look-ahead and a copy of this survey
Click here to start! http://www.idcswdc.com/cgi-bin/survey?id=105hix
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
