Project

General

Profile

Bug #277

Snort on pfSense Router Not Sending Alerts to MySQL Database

Added by Daniel Curtis almost 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Intrusion Detection/Prevention
Target version:
Start date:
12/27/2013
Due date:
% Done:

100%

Estimated time:
0.50 h
Spent time:

Description

I encountered a problem during the configuration of the Snort IDS with Barnyard2 where the alerts triggered by Snort were not being sent to the remote database configured to receive the alerts. I checked the configuration in Services -> Snort -> {Snort Interface} -> {Interface} Barnyard2 and found it to be set to:

alert, mysql, user=user password=pass dbname=snorby host=IP

This however is incorrect, I needed to set it to the proper configuration:

output database: alert, mysql, user=user password=pass dbname=snorby host=IP

Once I set the proper configuration Barnyard2 began sending alerts to the remote MySQL database.

History

#1 Updated by Daniel Curtis over 5 years ago

  • Project changed from 32 to FreeBSD Administration
  • Category set to Intrusion Detection/Prevention
  • Target version set to pfSense 2.1.5

Also available in: Atom PDF