Re: [Snort-inline-users] output module bug in 2.4.3-RC3

[Michael W C. <co...@ca...>]

<sigh>  What I forgot to write was that I'm currently running
snort_inline _AND_ snort, exactly like this -

snort_inline -c /etc/snort/snort.conf -Q
snort -c /etc/snort/snort.conf

If I drop the -Q from the snort command line (or the snort_inline
command line), database writes work fine.  What I have no confidence
in and no way to test is if anything is actually being done with the
packets in the queue.

Database connectivity is working fine - as long as I don't try to use
the QUEUE facility in either snort or snort_inline.

Mike-




On Mon, 23 Jan 2006 16:02:31 -0700, you wrote:

>Sorry coming in late here Mike but did you set up the database info in the
>config file?
>
>-----Original Message-----
>From: sno...@li...
>[mailto:sno...@li...] On Behalf Of Michael
>W Cocke
>Sent: Monday, January 23, 2006 2:52 PM
>To: sno...@li...;
>sno...@li...
>Subject: [Snort-inline-users] output module bug in 2.4.3-RC3
>
>I was absolutely certain that it was something that I did wrong, so I
>went back to the beginning, reinstalled all the requires, compiled
>snort from scratch, turned on every log file I could find, and built a
>rule to log every occurence of GET on port 80.
>
>I've tried both snort and snort-inline compiled with --enable-inline
>and --with-mysql.  Running with this command line snort -Q -c
>/etc/snort/snort.conf -v (replace snort with snort_inline as you
>wish).  I get lots of screen activity from the -v, but snort doesn't
>write anything to a mysql database. Neither does snort_inline
>2.4.3-RC3, compiled with the same options.
>
>If anyone has a suggestion or would like me to try something, email
>me. 
>
>
>Mike-
>--
>If you're not confused, you're not trying hard enough.
--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed 
site-wide spam filters at catherders.com.  If email from you bounces,
try non-HTML, non-encoded, non-attachments,