Re: MySql and Snort

[Anne Carasik <gator () cacr caltech edu>]

Hi Cilin,

This helped me the best for getting mysql and snort to
talk with one another:

From http://online.securityfocus.com/infocus/1640:

# cd /usr/share/doc/snort-mysql/contrib.
# gunzip -d create_mysql.gz
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
mysql> create database snort_log;
mysql> connect snort_log;
mysql> source create_mysql
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to
snort;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to
snort@localhost;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to
acid;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to
acid@localhost;
mysql> create database snort_archive;
mysql> connect snort_archive;
mysql> source create_mysql
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_archive.*
to acid;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_archive.*
to acid@localhost;
mysql> set password for 'snort'@'localhost'=password('');
mysql> set password for 'snort'@'%'=password('');
mysql> set password for 'acid'@'localhost'=password('');
mysql> set password for 'acid'@'%'=password('');
mysql> exit

Note that the directions are for Debian Linux, so YMMV.

-Anne

Cilin grabbed a keyboard and typed...
> Hi, I am newbie to snort and also have the problem of
> Snort not logging into the MySql database. I did the
> following steps, as recommended in one of the earlier
> emails but nothing helped.
>
> 1.  Created the database snort in MySQL with
> appropriate permissions for users and hosts.
> 2.  Ran the script contrib/create_mysql in the snort
> source code against the database as a user with the
> correct permissions.
> 3.   Uncommented and supplied user, password, database
> and host for the output database line for mysql in the
> snort.conf file.
> 4.   Restarted Snort.
>
> and still nothing
> Snort does log the scans (scan.log gets updated every
> time i run a scan over the network)
> However i haven't gotten a single error yet.
> (alert.ids is 0Kb)
>
> when i run snort from the command line via 
> "snort -v -i 1" I get:
>
> 0 dropped packages
>
> Action stats:
> Alerts: 0
> Logs  : 0
> Passed: 0
>
> Wireless Stats, Fragmentation Stats, TCP Stream
> Reasembly stats have ONLY '0's.
>
> Please help, i have searched the internet and the
> forums for any clues for the past 2 weeks but didn't
> find anything.
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
>
>
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> http://www.vasoftware.com
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
              .-"".__."``".   Anne Carasik, System Administrator
 .-.--. _...' (/)   (/)   ``'   gator at cacr dot caltech dot edu 
(O/ O) \-'      ` -="""=.    ',  Center for Advanced Computing Research    
~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Attachment: _bin
Description: