I’m using snort in win7. We know that using snort in its sniffer mode

Question

0

Asked: May 27, 20262026-05-27T10:52:29+00:00 2026-05-27T10:52:29+00:00

I’m using snort in win7. We know that using snort in its sniffer mode

0

I’m using snort in win7.
We know that using snort in its sniffer mode we can log a lot packets
into a file, and now I want to log them to a mysql server. I enabled
the database output plugin in the snort.conf and customed a rule:

log ip any any <> any any (sid:2000000;)

as a test.

Everything is OK and I used a PC whose ip is 172.18.186.186 to ping another 172.18.186.189. What I hope to get is 8 records, among which there would be 4 records and their ip_srces are 172.18.186.186. However I just got 4 records and their ip_dsts are 172.18.186.186 while the ip_srces are 172.18.186.189.

OK,that’s my problem. How can I get the 8 records I want to see? Is it possible?
Thanks in advance.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T10:52:30+00:00

Editorial Team

2026-05-27T10:52:30+00:00Added an answer on May 27, 2026 at 10:52 am

yes, you can check out snorby. and lot of implementation there are for connecting snort to a database, such as mysql or mongodb etc.

This article explaing you how u can log to mysql.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m using snort in win7. We know that using snort in its sniffer mode

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply