I am following this tutorial: https://help.ubuntu.com/community/SnortIDS

I've set up the database, everything has installed correctly, and I've configured the snort.conf file so it outputs to a database (with creds all filled out ok).

When I run /etc/init.d/snort start, it fails but does not produce any error message other than [fail].

The last few lines of /var/log/syslog are:

snort[5687]: database: must enter database name in configuration file#012
snort[5687]: FATAL ERROR:

My output database line in the snort.conf file is:

output database: log, mysql, user=snort password=... dbname=snort host=localhost

I have tried it with the commas separating everything, putting quotes around stuff, etc. The password is only made up of letters (after I thought maybe a number was throwing it off).

  • 360
  • 3
  • 10

2 Answers2


[parameter list]

The parameter list consists of key value pairs (See Table 4). The syntax of the parameter list is a series of key=value pairs each separated by a space.

The only parameter that is absolutely necessary is dbname. All other parameters are optional but may be necessary depending on the RDBMS configuration.

Move dbname to be the first parameter to see what happens:

output database: log, mysql, dbname=snort user=snort host=localhost password=...
  • 50,327
  • 19
  • 152
  • 213

In your snort.conf comment the line:

include dabases.conf
Michael Hampton
  • 237,123
  • 42
  • 477
  • 940