07-08-2005, 03:01 PM
#1
Member
Registered: Nov 2004
Distribution: Ubuntu, CentOS
Posts: 50
Snort database: Closing connection to database ""
I have my snort.conf set up as
output database: log, mysql, user=snort password=***** dbname=snort host=localhost
output database: alert, mysql, user=snort password=**** dbname=snort host=localhost
but when I run snort like this:
/usr/sbin/snort -vi eth0 -c /etc/snort/snort.conf
I don't get any logging done in MySQL and I noticed this
database: Closing connection to database ""
database: Closing connection to database "SRC/DST"
as a message after I close snort.
Any help would be great. I've come across a few similar threads by googling it, but no one had an answer.
Thanks,
Homer
07-13-2005, 05:10 PM
#2
Member
Registered: Oct 2004
Posts: 229
Have you created the user snort and all the tables that are needed? Did you grant him write access to the tables?
Probably need insert, select, create, delete, update.
Are you perhaps trying to use the network instead of the local UNIX socket?
07-14-2005, 06:58 PM
#3
Member
Registered: Nov 2004
Distribution: Ubuntu, CentOS
Posts: 50
Original Poster
Yep, I don't get any connection errors.
Here is my snort.conf:
var HOME_NET any
var EXTERNAL_NET any
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var SNMP_SERVERS $HOME_NET
var HTTP_PORTS 80
var SHELLCODE_PORTS !80
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.18$
var RULE_PATH /etc/snort
preprocessor flow: stats_interval 0 hash 2
preprocessor frag2
preprocessor stream4: disable_evasion_alerts
preprocessor stream4_reassemble
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 8180 } oversize_dir_length 500
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor telnet_decode
preprocessor sfportscan: proto { all } \
    memcap { 10000000 } \
    sense_level { low }
preprocessor xlink2state: ports { 25 691 }
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=**** password=****** dbname=****** host=localhost
output database: alert, mysql, user=***** password=***** dbname=****** host=localhost
include classification.config
include reference.config
config flowbits_size: 256
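
The two checks raised in reply #2 (table privileges, and socket versus network), applied to `output database:` lines of the form posted in this thread. This is an added example and not part of any post here: the sample config is constructed, `parse_db_outputs`, `grant_statement` and the `SENSOR_HOST` placeholder are hypothetical names, and it assumes the MySQL client library uses the local UNIX socket when the host is `localhost` or absent.

```python
import re

# Privileges suggested in reply #2 of this thread.
PRIVS = ("INSERT", "SELECT", "CREATE", "DELETE", "UPDATE")

# Constructed sample, same form as the directives posted in this thread.
SAMPLE_CONF = """\
var RULE_PATH /etc/snort
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
# output database: alert, mysql, user=old dbname=old host=10.0.0.5
output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=192.0.2.10
"""

DIRECTIVE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")

def parse_db_outputs(conf_text):
    """Return one dict per active 'output database:' line; the password is never copied."""
    outputs = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments and other directives
        facility, dbtype, rest = m.groups()
        params = dict(p.split("=", 1) for p in rest.split() if "=" in p)
        host = params.get("host", "")
        outputs.append({
            "line": lineno, "facility": facility, "dbtype": dbtype,
            "user": params.get("user", ""), "dbname": params.get("dbname", ""),
            "host": host, "has_password": "password" in params,
            # Assumption: the MySQL client uses the UNIX socket for localhost/empty host.
            "transport": "unix-socket" if host in ("", "localhost") else "tcp",
        })
    return outputs

def grant_statement(out):
    """Build the GRANT for one directive; SENSOR_HOST is a placeholder for TCP clients."""
    for key in ("user", "dbname"):
        if not re.fullmatch(r"\w+", out[key]):
            raise ValueError(f"unsafe or missing {key}: {out[key]!r}")
    client = "localhost" if out["transport"] == "unix-socket" else "SENSOR_HOST"
    return f"GRANT {','.join(PRIVS)} ON `{out['dbname']}`.* TO '{out['user']}'@'{client}';"

if __name__ == "__main__":
    for out in parse_db_outputs(SAMPLE_CONF):
        print(f"line {out['line']}: {out['facility']} via {out['transport']}")
        print("  " + grant_statement(out))
```

For a TCP entry, replace `SENSOR_HOST` with the sensor's address as the database server sees it, since MySQL matches accounts on the client host rather than on the server's own name.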
All times are GMT -5.