Snort mailing list archives
Newbie setup question
From: "James Friesen" <lucretia () telusplanet net>
Date: Sat, 16 Jun 2001 08:19:04 -0600
Hi folks, I have a bit of a newbie question. The documentation seems to need a rewrite since it's unable to answer my questions, and I've noticed that it's a common question with many other people trying to install this. I see where the problem is, but I don't know how to fix it. Using Michael Steele's Document I tried to follow his instructions for installing snort. I'm not sure of the advantages of using a SQL database in this fashion (if anyone can explain the benefits vs tcpdumps I'd be interesting in hearing) so I wanted to try it out. I'm realizing MySQL may require a bit more knowledge and familiarity than I have. Snort was working fine, and has been for 3 months. I have taken notes of the steps I have taken so far to install Snort according to this document, and I will include it here, so you can see where Michael's steps worked, and where they failed for me: Installing Snort according to Micheal Steele of SiliconDefense.com Ok, before starting process, currently have snort running and logging in tcpdump format . Downloaded all components as required. Installed MySQL according to the instructions. NOTE: Had a problem with the syntax of one of the parameters it required according to the MySQL documents.... - Enter the following query in the Query screen: GRANT ALL PRIVILEGES ON *.* to 'user name'@localhost identified by 'password' with grant option and click on the small green '>' on the top of the query screen. This did not work at all. Syntax errors on "." What is this parameter supposed to be. I'm assuming this will haunt me later. Continued with set up of MySQL.... Finished MySQL setup and running as noted. Created MySQL database for snort logs as directed ok. Snort was already installed so the next section was skipped. However, at this point I had to go back to the internet to download the SNORT1.7 source as the create_mysql was not included with prior installations. This would have been nice to know first (this is the third fetch of zip files, perhaps a archive with these files could be included in the MySQL binaries, and reduce the amount of fetching for files required? WinPcap was already installed so the next section was skipped. Testing Snort is where it broke completely. First test: At this point I got complaints that snort was not compiled with MySQL support. Second test: Ok, extracted the proper binary and installed it manually. Ok now it supports mysql, but a config error in the output module in snort.conf was broke and needed to be fixed. Done. Third test: ok, now we have a strange error that needs to be interpreted first. mysql_error: Access denied for user: '@MACH01' to database 'snort' Looks like the user name isn't being passed, and my guess is the haunt has come back to haunt me. Thanks in advance!! ----- James Friesen - Integration Specialist Lucretia Enterprises - info () lucretia ca www.lucretia.ca _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Newbie setup question James Friesen (Jun 14)
- <Possible follow-ups>
- Newbie setup question James Friesen (Jun 16)
- RE: Newbie setup question Michael Steele (Jun 20)