Snort mailing list archives
RE: Mysql question
From: David Markle <davidmarkle () comcast net>
Date: Fri, 25 Apr 2003 17:24:19 -0400
A couple of things could be hassling you. The first this is to validate that the snort RPM you got was compiled with --with-mysql=<dir>. If it was not, thats your problem. If it was in there, then: I do not want to insult your intelligence, but there could be several minor things wrong here. I am just guessing though. 1. Assuming by the host=10.1.10.2 its a remote mysql db ??? If not use host=localhost. 2. Make sure that the DB "SNORT" you created in mysql is correct. MySQL is case sensitive !! 3. I also assume that you created a user in mysql called "snort" with a password of "snort". If not, you'll need to use the default root acct in mysql. 4. ACID also needs some mysql configuration modifications for the front end to work properly. My Snort output plug for mysql is as follows: output database: log, mysql, user=root password=<mypasswd> dbname=snort host=localhost encoding=hex detail=Full Hope this helps. -----Original Message----- From: Jared Raddigan [mailto:jraddigan () kfh org]On Behalf Of jared () kfh org Sent: Friday, April 25, 2003 4:54 PM To: davidmarkle () comcast net Subject: RE: [Snort-users] Mysql question Oops I thought I put that in. Here is my snort.conf file settings: output database: log, mysql, user=snort password=snort dbname=SNORT host=10.1.10.2 Everything else is was left pretty much default. Thanks, Jared -----Original Message----- From: David Markle [mailto:davidmarkle () comcast net] Sent: Friday, April 25, 2003 1:21 PM To: jared () kfh org; snort-users () lists sourceforge net Subject: RE: [Snort-users] Mysql question What is you output plugin line for database giving this error ??? -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of jared () kfh org Sent: Friday, April 25, 2003 4:08 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Mysql question I am trying to get snort to work with mysql. I am running RH9.0 mysql-3.23.54a-11 mysql-devel-3.23.54a-11 snort-1.9.1-1snort snort-mysql-1.9.1-1snort With everything installed from RPM's. Snort seems to be working good until modify the snort.conf file to have this: WARNING: unknown output plugin: 'database'1310 Snort rules read... 1310 Option Chains linked into 139 Chain Headers 0 Dynamic rules ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Mysql question jared (Apr 25)
- RE: Mysql question David Markle (Apr 25)
- <Possible follow-ups>
- RE: Mysql question David Markle (Apr 25)