chasing_dreams
Post subject: snort not logging to mysql
Posted: Jul 09, 2006 - 10:04 PM
Joined: Jul 09, 2006
Posts: 4
Status: Offline

Hi all,
I have installed everything as per the document provided. Everything seems fine. When I launch a portscan, I can see the alert in the alert.ids file and the portscan.log file. But nothing shows up on the mysql and Base console.
When I issue the command
"snort -c d:\win-ids\snort\etc\snort.conf"
I get an error as:
"ERROR: d:\win-ids\snort\etc\snort.conf(513) => 'log/portscan.log' could not be opened."
Please help.

chasing_dreams
Post subject: RE: snort not logging to mysql
Posted: Jul 09, 2006 - 11:22 PM
Joined: Jul 09, 2006
Posts: 4
Status: Offline

Just to update you further, I'm running snort on win2k3 server, snort version 2.4.5, with a single NIC. If I run snort as a service, I do not see any errors and snort runs fine except it does not log anything to the MySQL DB; however, it is logging to the log directory. And if I run the command:
"snort -c d:\win-ids\snort\etc\snort.conf"
I get an error as:
"ERROR: d:\win-ids\snort\etc\snort.conf(513) => 'log/portscan.log' could not be opened."
Help please.

Morpheus
Post subject: RE: snort not logging to mysql
Posted: Jul 10, 2006 - 05:36 AM
Site Admin
Joined: Sep 04, 2003
Posts: 1462
Location: East Coast - USA
Status: Offline

Check your snort.conf; you might have made an error:
Note: Find the entry for 'Preprocessor sfportscan'
Original: sense_level { low }
Change: sense_level { low } \
Just below the changed line above add:
logfile { portscan.log }
The portscan.log has a space right after the '{' and right before the '}'.
_________________ Best regards,
Morpheus...
WINSNORT.com Management
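
One way to check the sfportscan entry for the two things the reply above points at (the trailing backslash after sense_level and the spaces inside the logfile braces). This is an added example, not part of the original thread or of Snort; the sample entries, including the `proto { all }` option, and the function names are constructed for illustration:

```python
import re

# Constructed samples of the sfportscan entry (not taken from the thread).
# BROKEN lacks the backslash after sense_level, so logfile is left outside.
BROKEN = """\
preprocessor sfportscan: proto { all } \\
                         sense_level { low }
                         logfile { portscan.log }
"""
FIXED = BROKEN.replace("{ low }", "{ low } \\")

def logical_lines(text):
    """Join backslash-continued lines; yield (first_line_no, joined_text)."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        start = no if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def check_sfportscan(text):
    """Return [(line_no, problem)] for the sfportscan entry in text."""
    problems, seen = [], False
    for no, line in logical_lines(text):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"preprocessor\s+sfportscan\b", line, re.I):
            seen = True
            opts = dict(re.findall(r"(\w+)\s*\{([^}]*)\}", line))
            val = opts.get("logfile")
            if val is None:
                problems.append((no, "logfile option not part of the entry"))
            elif not (val.strip() and val[0] == " " and val[-1] == " "):
                problems.append((no, "logfile needs a space after '{' and before '}'"))
        elif re.match(r"(logfile|sense_level)\s*\{", line):
            problems.append((no, "option on its own line: previous line has no trailing backslash"))
    if not seen:
        problems.append((0, "no sfportscan preprocessor entry found"))
    return problems

if __name__ == "__main__":
    for name, conf in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_sfportscan(conf) or "ok")
```
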

chasing_dreams
Post subject:
Posted: Jul 11, 2006 - 09:57 PM
Joined: Jul 09, 2006
Posts: 4
Status: Offline

Thanks Morpheus, I actually goofed up with MySQL; everything is running OK now. However, I have one question. Is it possible to get MAC addresses of source IPs in the alerts? If so, how?
Thanks,
Chasing dreams

Morpheus
Post subject:
Posted: Jul 12, 2006 - 12:21 AM
Site Admin
Joined: Sep 04, 2003
Posts: 1462
Location: East Coast - USA
Status: Offline

Nope.
_________________ Best regards,
Morpheus...
WINSNORT.com Management