[olug] Snort Not Logging

VHP3 vhpascale3 at yahoo.com
Tue Oct 26 01:38:47 UTC 2004


Check to see if, when Snort was compiled, MySQL
logging was enabled.  It should look something like:

--enable_mysql = yes

at either the 'make' or 'make install' command.  

I've done it in FreeBSD using ports and makefiles, so
I'm not exactly sure where or how it would be done in
Linux.  But it would be something similar to the
above.  Where you would go to find this info, I'm not
entirely sure...a config file perhaps.

Vince

--- Mac Petras <mpetras at gmail.com> wrote:

> Ok all you Snort gurus out there...
> 
> I'm trying to troubleshoot a Snort box (RH 9, Snort
> 2.04, MySQL
> 4.0.16). I didn't build it (or break it for that
> matter), just trying
> to get it to work.
> 
> Here's what I know so far:
> 
> 1) Someone recently removed all the databases for
> snort and reinstalled Snort
> 2) Using eth0 in promiscuous mode, no IP
> 3) It has captured nothing to the database; however,
> the alert log
> file has data (but not since Aug 29th)
> 
> The NICs are working, but no data is being
> captured....
> 
> Any thoughts on where to start? Troubleshooting
> order? etc?
> 
> Thanks!
> Mac


=====
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."   -- Benjamin Franklin
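
The check suggested in the reply above, as an added example that is not part of the original thread: it tests whether a Snort binary is dynamically linked against the MySQL client library and whether snort.conf has an active `output database:` directive naming mysql. The function names, the paths passed in and the sample config are assumptions made for illustration; the directive syntax assumed is the Snort 2.x `output database: <log|alert>, <dbtype>, <params>` form.

```shell
#!/bin/sh
# Added example: triage for "Snort runs but nothing reaches MySQL".
# Usage (paths are assumptions): sh check.sh /usr/local/bin/snort /etc/snort/snort.conf

# Print active (uncommented) "output database:" directives from a snort.conf.
active_db_outputs() {
    grep -E '^[[:space:]]*output[[:space:]]+database[[:space:]]*:' "$1"
}

# Succeed if an active database directive selects the mysql backend.
conf_logs_to_mysql() {
    active_db_outputs "$1" | grep -Eq ',[[:space:]]*mysql[[:space:]]*(,|$)'
}

# Succeed if the binary depends on the MySQL client library.
# A statically linked build will not show up here.
binary_links_mysql() {
    ldd "$1" 2>/dev/null | grep -qi 'libmysqlclient'
}

report() {
    if binary_links_mysql "$1"; then
        echo "binary: linked against libmysqlclient"
    else
        echo "binary: no libmysqlclient dependency found (rebuild with MySQL support?)"
    fi
    if conf_logs_to_mysql "$2"; then
        echo "config: active mysql output directive present"
    else
        echo "config: no active mysql output directive (commented out or missing)"
    fi
}

if [ "$#" -eq 2 ]; then
    report "$1" "$2"
else
    # Constructed sample: the database line is commented out, as it would be
    # after a reinstall that dropped a stock snort.conf in place.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
output alert_fast: alert
EOF
    report /nonexistent/snort "$sample"
    rm -f "$sample"
fi
```

If both checks pass and the database is still empty, the next place to look is whether the schema and the Snort database user were recreated after the databases were removed.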


		


