LinuxQuestions.org


Homer Glemkin 07-08-2005 04:01 PM

Snort database: Closing connection to database ""
 
I have my snort.conf set up as
output database: log, mysql, user=snort password=***** dbname=snort host=localhost
output database: alert, mysql, user=snort password=**** dbname=snort host=localhost
but when I run snort like this:
/usr/sbin/snort -vi eth0 -c /etc/snort/snort.conf
I don't get any logging done in MySQL and I noticed this
database: Closing connection to database ""
database: Closing connection to database "SRC/DST"
as a message after I close snort.

Any help would be great. I've come across a few similar threads by googling it, but no one had an answer.
Thanks,
Homer

Krugger 07-13-2005 06:10 PM

Have you created the user snort and all the tables that are needed? Did you grant him write access to the tables?

Probably need insert,select,create,delete,update.

Are you perhaps trying to use network instead of local UNIX socket?

Homer Glemkin 07-14-2005 07:58 PM

Yep, I don't get any connection errors.

Here is my snort.conf

var HOME_NET any

var EXTERNAL_NET any

var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var SNMP_SERVERS $HOME_NET


var HTTP_PORTS 80
var SHELLCODE_PORTS !80
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521


var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.18$

var RULE_PATH /etc/snort

preprocessor flow: stats_interval 0 hash 2
preprocessor frag2
preprocessor stream4: disable_evasion_alerts
preprocessor stream4_reassemble
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 8180 } oversize_dir_length 500
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor telnet_decode
preprocessor sfportscan: proto { all } \
    memcap { 10000000 } \
    sense_level { low }
preprocessor xlink2state: ports { 25 691 }

output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=**** password=****** dbname=****** host=localhost
output database: alert, mysql, user=***** password=***** dbname=****** host=localhost

include classification.config
include reference.config

config flowbits_size: 256
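
The questions raised in this thread (database user, privileges, UNIX socket versus network) can be checked mechanically against a snort.conf. The following is an added example, not code from any poster or from the Snort project: the function names, the `<sensor-host>` placeholder and the sample config (modelled on the posted one, with placeholder credentials) are assumptions, and it also flags a config that includes no `.rules` files.

```python
import re

# Privileges listed in the thread for the Snort database user.
NEEDED = ["INSERT", "SELECT", "CREATE", "DELETE", "UPDATE"]
# Constructed sample modelled on the posted snort.conf; credentials are placeholders.
SAMPLE_CONF = """\
var RULE_PATH /etc/snort
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=localhost
include classification.config
include reference.config
"""
OUTPUT_RE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")

def parse_db_outputs(conf_text):
    """Return one dict per 'output database:' line: facility, dbtype, key=value args."""
    outputs = []
    for line in conf_text.splitlines():
        m = OUTPUT_RE.match(line)
        if m:
            entry = {"facility": m.group(1), "dbtype": m.group(2)}
            entry.update(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
            outputs.append(entry)
    return outputs

def review(conf_text):
    """Turn the thread's questions into checks; return (findings, GRANT statements)."""
    findings, grants = [], set()
    for out in parse_db_outputs(conf_text):
        missing = [k for k in ("user", "dbname") if k not in out]
        if missing:
            findings.append(f"{out['facility']}: missing {', '.join(missing)}")
            continue
        host = out.get("host", "localhost")
        # MySQL clients map the name 'localhost' to the local UNIX socket; other hosts use TCP.
        local = host == "localhost"
        # Over TCP the account host is the sensor's address as seen by MySQL (placeholder here).
        account_host = "localhost" if local else "<sensor-host>"
        findings.append(f"{out['facility']}: {out['user']}@{host} via {'unix-socket' if local else 'tcp'}")
        grants.add(f"GRANT {', '.join(NEEDED)} ON {out['dbname']}.* TO '{out['user']}'@'{account_host}';")
    # Snort 2.x with no rules loaded leaves only preprocessor alerts to be written out.
    if not re.search(r"^\s*include\s+\S+\.rules\b", conf_text, re.M):
        findings.append("no .rules include: only preprocessor alerts can reach the database")
    return findings, sorted(grants)

if __name__ == "__main__":
    for line in sum(review(SAMPLE_CONF), []):
        print(line)
```

Compare the printed GRANT statement with the output of `SHOW GRANTS` for the same account on the MySQL server.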

