On Fri, May 01, 2009 at 12:12:09PM -0400, Jeff Green wrote: > The output database plugin is > configured. If snort is started on the command > line, not as a daemon and with /etc/snort/snort.conf as the config file, then > the console messages indicate that the database plugin is invoked. However if > starting from /etc/init.d/snort startup file, then there is no indication of > the database plugin being seen, regardless of its daemon status. The is no > indication that the connect has failed because of credentials or privileges.
When starting from /etc/init.d all snort messages are logged in syslog. Could you please review your /var/log/messages* files to see if you can find the Snort messages? Please send me any messages you see there that might be relevant to this issue. > One interesting but possibly irrelevant item is if I go into mysql (on the db > server), then the describe table for snort.schema gives an error, e.g. That is just because 'schema' is a reserved word in MySQL and you have to quote it or otherwise you get a syntax error. Regards Javier
signature.asc
Description: Digital signature
