Snort mailing list archives
Re: (Snort-users) Configure MySQL for multiple snort sensors
From: "Joe Pampel" <joe () ardsley com>
Date: Fri, 19 Oct 2001 15:56:21 -0400
Hi - and thanks for the replies! I have created new users for the remote sensors as per the replies like this: myqsl> \u mysql mysql> grant INSERT,SELECT,DELETE,UPDATE on snort.* to snort@192.168.0.1; when I do a "select* from user;" I see the users created, but they have no privileges.. eg the various fields all have 'N' 's in them. I can see the original 'localhost' version of the snort user and it has all "Y's" in the permission fields.. not sure what's going on, I made all the ID's with the same commands and I'm logged in as the same user.. maybe another cup of coffee will make things clearer. What's extra wierd is that my remote sensor is running fine and showed no login issues during startup and it's MySQL ID also has all "N"'s.. while the sensor on the local machine cannot log in at all. (it's trying to log in as snort@<host IP>) RE: method #2 (msg 15) I cannot get it to take this syntax.. I think I understand where you're going with the 'Y'Y,'Y','Y','Y' bit but MySQL won't take it.. I'm reading my MySQL book and it uses a grant ALL command. Tried that too, to no avail... I can't see what's stopping me.. maybe the fact that root and the original admin were tied to localhost and now I don't have permission to create users with rights?? ps: anyone know where ADODB (in the ACID config) pulls it's database address from? I'm going through all the files but cannot find a 'localhost' ref, but it keeps crashing ACID trying to find the DB on localhost.. I think that's the only setting I'm missing. I plan on making a 'how to' when this is over! As usual nothing really hard about it, just a lot of details to trip over.. Thanks again, - Joe ----------------------------------------------------------------------------------------------------------------
Message: 8
Date: Thu, 18 Oct 2001 07:46:00 +0200
From: <sandro.poppi () wacker com>
To: <joe () ardsley com>, <snort-users () lists sourceforge net>
Subject: [Snort-users] AW: (Snort-users) Configure MySQL for multiple snort sensors
I had the same prob a couple of times. I created the user the following way and
it worked:
mysql> grant INSERT,SELECT,DELETE,UPDATE on snort.* to snort@192.168.0.1
identified by 'YOUR_PASSWORD';
mysql> flush privileges;
where snort.* means your database tables, snort@192.168.0.1 means User snort
coming from the given ip.
This should be independent of the underlying OS.
Sandro
-------------------------------------------------------------------------------------------------------------
Message: 15
From: Erwin Fok <Erwin () fox-it com>
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Configure MySQL for multiple snort sensors
Date: Thu, 18 Oct 2001 16:36:09 +0200
Ok!
What i think u need to do is the following:
shell> mysql --user=root mysql
mysql> INSERT INTO user VALUES('localhost','monty',PASSWORD('some_pass'),
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
mysql> FLUSH PRIVILEGES;
where in localhost u put the IP of the sensor. Also u need to install some
MYSQL files on the sensor wich are needed for Snort to run.
After that it should work. Or it worked for me!
Please report back if this fixed u problem. So we can see all the solutions
to problems. So other people can also make use of them.
Greetings,
- ---
Erwin Fok t 015 - 21 21 907
Fox-IT Forensic IT Experts f 015 - 21 21 964
Oude Delft 47 e erwin () fox-it com
2611 BC Delft i www.fox-it.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: (Snort-users) Configure MySQL for multiple snort sensors Joe Pampel (Oct 19)