Snort mailing list archives

Re: Snort Logging on Linux but NOT to MYSQL on windows


From: Erek Adams <erek () snort org>
Date: Wed, 12 Feb 2003 08:34:58 -0500 (EST)

On Tue, 11 Feb 2003, mike Hughes wrote:

Ok, I have snort working and logging on my LINUX machine 192.168.0.1. There are
alerts in /var/log/snort/alerts and portscan. I have it set up so it is
supposed to log to my windows machine 192.168.0.69 running mysql. I have been
using this as my reference:

http://www.sans.org/rr/intrusion/practical_guide.php

I'm on the last step but the MYSQL on my windows machine is not logging
anything.

I know that my Linux machine is connected to MYSQL on the windows machine
because I'm using KERIO firewall and it shows the MYSQL connected to
192.168.0.1 and transferring data, but I can't see anything in the events.  I
don't have a CLUE why or how to DEBUG this. Can someone help? If you need my
/etc/snort.conf file it is posted here:

http://sourceforge.net/mailarchive/forum.php?thread_id=1638741&forum_id=3972

It sounds like you simply don't have the user and/or the permissions for
the user created in MySQL.  If that's not done, the snort process will not
be able to write to the DB, so you'd never see any events.

Check the output of 'show databases;' and 'show grants;'.  That should let
you see the DB and the user's perms.  If you don't have anything, rerun
the create_mysql script from the contrib directory.

As for testing, I'd just simply turn on the ping rules and ping the box
from an external source.  If you see it logged, you're up and running.  If
not, you've not done something right.  I'd then suggest checking out the
ACID install guide [0] and ACID FAQ [1] and perhaps even the Snort FAQ
[2] for some other things to check.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://acidlab.sourceforge.net/acid_config.html
[1]     http://acidlab.sourceforge.net/acid_faq.html
[2]     http://www.snort.org/docs/faq.html
        http://www.theadamsfamily.net/~erek/snort/faq.html  (a newer
version of what's on snort.org)
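
The checks suggested in the reply above, written out as a mysql client session. This is an added example, not part of the original message or of Snort's own scripts. The database name `snort`, the account name `snort` and the password are assumptions; the two IP addresses are the ones given in the question.

```sql
-- Run in the mysql client on the MySQL host (192.168.0.69) as an
-- administrative user. Assumed names: database `snort`, account `snort`.

-- 1. Is the database present, with the tables the contrib script creates?
SHOW DATABASES;
USE snort;
SHOW TABLES;                 -- the Snort schema includes an `event` table

-- 2. Which `snort` accounts exist, and from which hosts may they connect?
SELECT User, Host FROM mysql.user WHERE User = 'snort';

-- 3. What may the sensor's account do? MySQL matches accounts on user AND
--    host, so an account defined only as snort@localhost does not cover
--    a sensor connecting from 192.168.0.1. This statement returns an
--    error if no such account exists.
SHOW GRANTS FOR 'snort'@'192.168.0.1';

-- 4. If the account is missing, create it bound to the sensor's address
--    only, with a narrow privilege set. INSERT and SELECT are assumed to
--    be sufficient here; check the database README shipped with your
--    Snort version before granting more.
--    (CREATE USER needs MySQL 5.0.2 or later; older servers create the
--    account in the GRANT statement itself with IDENTIFIED BY.)
CREATE USER 'snort'@'192.168.0.1' IDENTIFIED BY 'CHANGE_ME';  -- placeholder
GRANT INSERT, SELECT ON snort.* TO 'snort'@'192.168.0.1';

-- 5. After the ping test, confirm that rows are arriving.
SELECT COUNT(*) FROM event;
```

Binding the account to the sensor's address rather than to `%` keeps the database from accepting that login from any other host on the network.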



