Try using 'alert' vice 'log' for inserting events into the DB (ie: output database: alert, mysql,dbname=xxx user=xxx password=xxx hostname=127.0.0.1) and then starting snort w/the -b option for binary logging to /var/log/snort. Bammkkkk On Mon, 2002-12-30 at 08:32, Sasa Jusic wrote: > Hi, > > My name is Sasa and I heve recently joined to this mailing list, which I > find very interesting and usefull. > > I have some experience in running Snort, but I am still learning and testing > its capabilities. I think it is great product, and that it is very usefull > for network monitoring and intrusion detection. > > Right now I'm using Snort 1.9.0 as IDS system on our network, and it is is > configured for MySQL database logging (output database: log, mysql, > dbname=xxx user=xxx password=xxx hostname=127.0.0.1). For data analysis and > system monitoring I am using Snortsnarf in combination with ACID, and it > works just fine. > > But, there is one thing bothering me, and I don't now where is the problem. > In my /var/log/snort dir there is no other logs expect portscan.log and > alerts log files. > > Snort logs its data to MySQL database but there is no logs in > /var/log/snort. > > I'm running Snort with following arguments: > > snort -de -h xxx.xxx.xxx.xxx -l /var/log/snort -c /etc/snort/snort.conf > > In my conf file I just configured MySQL output plugin, as stated before (I > can't see any other parameter in snort.conf which could influence on this > problem). > > I thought it will by default log normaly to /var/log/snort, beside logging > to MySQL database. > > How can I configure Snort to log data at MySQL database and /var/log/snort > dir at the same time? > > Thanks for help, > > Sasa Jusic, > e-mail: sasa.jusic@zesoi.fer.hr > Laboratory for Systems and Signal, FER > Croatia > > > > > > > > > > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/listinfo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.php3?list=snort-users -- Bamm Visscher <bamm@satx.rr.com> ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users