LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-08-2005, 03:01 PM   #1
Homer Glemkin
Member
 
Registered: Nov 2004
Distribution: Ubuntu, CentOS
Posts: 50

Rep: Reputation: 15
Snort database: Closing connection to database ""


I have my snort .conf set up as
output database: log, mysql, user=snort password=***** dbname=snort host=localhost
output database: alert, mysql, user=snort password=**** dbname=snort host=localhost
but when I run snort from like this:
/usr/sbin/snort -vi eth0 -c /etc/snort/snort.conf
I don't get any logging done in MYSQL and I noticed this
database: Closing connection to database ""
database: Closing connection to database "SRC/DST"
as a message after I close snort.

Any help would be great, I've came accross a few similar threads by googling it but noone had an answer
Thanks,
Homer
 
Old 07-13-2005, 05:10 PM   #2
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
have you created the user snort and all the tables that are needed, did you grant him write access to the tables?

Probably need insert,select,create,delete,update.

Are you perhaps trying to use network instead of local UNIX socket?
 
Old 07-14-2005, 06:58 PM   #3
Homer Glemkin
Member
 
Registered: Nov 2004
Distribution: Ubuntu, CentOS
Posts: 50

Original Poster
Rep: Reputation: 15
yep, I don't get any connection errors.

here is my snort.conf

var HOME_NET any

var EXTERNAL_NET any

var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var SNMP_SERVERS $HOME_NET


var HTTP_PORTS 80
var SHELLCODE_PORTS !80
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521


var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.18$

var RULE_PATH /etc/snort

preprocessor flow: stats_interval 0 hash 2
preprocessor frag2
preprocessor stream4: disable_evasion_alerts
preprocessor stream4_reassemble
preprocessor http_inspect: global \
iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \
profile all ports { 80 8080 8180 } oversize_dir_length 500
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor telnet_decode
preprocessor sfportscan: proto { all } \
memcap { 10000000 } \
sense_level { low }
preprocessor xlink2state: ports { 25 691 }

output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=**** password=****** dbname=****** host=localhost
output database: alert, mysql, user=***** password=***** dbname=****** host=localhost

include classification.config
include reference.config

config flowbits_size: 256
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Need help with sorting through "database" jorisb Linux - General 1 11-03-2005 07:04 PM
Why do I always get "urpmi database locked?" Ausar Linux - Newbie 2 08-11-2004 12:09 PM
"user database cannot be read" mehesque Linux - General 2 05-07-2004 05:04 PM
How to find back "history" database after "history -c" ? san_lss Linux - Newbie 1 01-07-2004 11:53 AM
Can't find init file for database "SID_NAME" cyrilbritto Linux - General 0 08-20-2003 07:42 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:05 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration