I am following this tutorial: https://help.ubuntu.com/community/SnortIDS
I've set up the database, everything has installed correctly, and I've configured the snort.conf file so it outputs to a database (with creds all filled out ok).
When I run /etc/init.d/snort start, it fails but does not produce any error message other than [fail].
The last few lines of /var/log/syslog are:
snort[5687]: database: must enter database name in configuration file#012
snort[5687]: FATAL ERROR:
My output database line in the snort.conf file is:
output database: log, mysql, user=snort password=... dbname=snort host=localhost
I have tried it with the commas separating everything, putting quotes around stuff, etc. The password is only made up of letters (after I thought maybe a number was throwing it off).
Move dbname to be the first parameter to see what happens:
In your snort.conf comment the line: