[Snort-users] Re: Snort not logging to MySQL

From: Adam Shephard <sfnative33(at)yahoo.com>
Date: Wed Feb 12 2003 - 18:20:23 EST

• Adam Shephard <sfnative33@yahoo.com> wrote: <snip>
  > I am getting this in /var/log/daemon.log:
  >
  > Feb 9 14:02:48 ******* snort: PID stat checked out
  ok, PID set to /var/run/
  > Feb 9 14:02:48 ******* snort: Writing PID file to
  "/var/run/"
  > Feb 9 14:02:48 ******* snort: Initializing daemon
  mode
  > Feb 9 14:02:48 ******* snort: PID stat checked out
  ok, PID set to /var/run/
  > Feb 9 14:02:48 ******* snort: Writing PID file to
  "/var/run/"
  > Feb 9 14:02:49 ******* snort: database: must enter
  database name in configuration file
  > Feb 9 14:02:49 ******* snort: FATAL ERROR:
  >
  > I do have the database name listed in the common.inc
  > file, per instructions. This is happeneing on two
  > separate machines. On one, I copied the config files
  > from an article from SecurityFocus, on the other I
  > re-typed the files by hand. That leads me to believe
  > it's not a typo but it's certainly possible.
  </snip>

In case anybody else runs up against this, here is the solution I came up with. After looking at others' "output database" lines, I noticed that the order of the variables that I had differed slightly.

So, I changed
output database: log, mysql, user=snort password= dbname=snort_log host=localhost

to read

output database: log, mysql, dbname=snort_log user=snort password= host=localhost

Strangely enough, that did it.

HTH Adam

---

Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com

---

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

---

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Wed Feb 12 18:26:24 2003