snort-mysql not starting on Ubuntu server

Posted by Rsaesha on Server Fault See other posts from Server Fault or by Rsaesha
Published on 2012-09-04T21:36:22Z Indexed on 2012/09/04 21:40 UTC
Read the original article Hit count: 214

Filed under:

snort

I am following this tutorial: https://help.ubuntu.com/community/SnortIDS

I've set up the database, everything has installed correctly, and I've configured the snort.conf file so it outputs to a database (with creds all filled out ok).

When I run /etc/init.d/snort start, it fails but does not produce any error message other than [fail].

The last few lines of /var/log/syslog are:

snort[5687]: database: must enter database name in configuration file#012
snort[5687]: FATAL ERROR:

My output database line in the snort.conf file is:

output database: log, mysql, user=snort password=... dbname=snort host=localhost

I have tried it with the commas separating everything, putting quotes around stuff, etc. The password is only made up of letters (after I thought maybe a number was throwing it off).

Related posts about snort

Snort: not logging anything

as seen on Server Fault - Search for 'Server Fault'
My site seems to be the target of quite a bit of probing over the last few months. In an attempt to get a better handle on this I installed SNORT on one of the machines that has external exposure. Something must not be installed correctly as I see lots of probing in /var/log/messages but snort isn't… >>> More
Snort/Barnyard2 Logging

as seen on Server Fault - Search for 'Server Fault'
I need some help with my Snort/Barnyard2 setup. My goal is to have Snort send unified2 logs to Barnyard2 and then have Barnyard2 send the data to other locations. Here is my currrent setup. OS Scientific Linux 6 Snort Version 2.9.2.3 Barnyard2 Version 2.1.9 Snort command snort -c /etc/snort/snort… >>> More
snort analysis of wireshark capture

as seen on Server Fault - Search for 'Server Fault'
I'm trying to identify trouble users on our network. ntop identifies high traffic and high connection users, but malware doesn't always need high bandwidth to really mess things up. So I am trying to do offline analysis with snort (don't want to burden the router with inline analysis of 20 Mbps… >>> More
Snort's problems in generating alert from Darpa 1998 intrusion detection dataset.

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi. I’m working on DARPA 1998 intrusion detection dataset. When I run snort on this dataset (outside.tcpdump file), snort don’t generate complete list of alerts. It means snort start from last few hours of tcpdump file and generate alerts about this section of file and all of packets in first hours… >>> More
Snort network instruction Mac OS X

as seen on Super User - Search for 'Super User'
I'm trying to learn network intrusion detection. When I try to launch Snort, in IDS mode, I get this message (I'm running Mac OS X): Initializing Network Interface en1 ERROR: OpenPcap() FSM compilation failed: syntax error PCAP command: snort Fatal Error, Quitting.. How can I fix this problem… >>> More

Developer IT