Re: Snort

To: Debian Security <debian-security@lists.debian.org>
Subject: Re: Snort
From: David Hardne <dh@cybe.net>
Date: Mon, 17 Feb 2003 17:47:03 +0100
Message-id: <[🔎] 20030217174703.A10894@sune.cybe.net>
Mail-followup-to: Debian Security <debian-security@lists.debian.org>
In-reply-to: <[🔎] 20030217151924.GA11665@zionlth.org>; from plhofmei@zionlth.org on Mon, Feb 17, 2003 at 10:19:24AM -0500
References: <[🔎] 20030217151924.GA11665@zionlth.org>

 Phillip Hofmeister wrote on Feb 17, 2003 at 10:19:24 AM:
> All,
> 
> I have been having problems with snort, this may be kind of OT for this
> list (should be debian-user) but I have a feeling more people on this
> list use snort.
> 
> I manage 2 potato converted to woody machines.  Each morning I receive 2
> blank reports from cron.daily.
> 
> I have snort-mysql installed.  snort appears to be running fine but
> nothing ever gets written to the mysql database.  The username/password
> I gave snort have update/select/insert rights to the mysql DB.
> 
> Any clue of where I can start looking for problems as to why this isn't
> working?
> 
> Thanks,
> 
> -- 
> Phil
> 

I don't know about snort-mysql, but I got the same empty reports
initially from snort (non-mysql package) on a woody machine also
upgraded from potato. 

In my case the problem was snort by default logging only to 
/var/log/alerts, while snort-stat (running from /etc/cron.daily/5snort) 
was operating on /var/log/auth.log.  

Regards,

David

-- 
 .- David Hardne <dh@cybe.net>
 `-- wget -O- cybe.net/dh|gpg --import

Reply to:

References:
- Snort
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

Prev by Date: multi eth0:x:y with ifconfig...
Next by Date: Re: [OT} Need advice on rsync backups
Previous by thread: Snort
Next by thread: Re: Snort
Index(es):
- Date
- Thread