Snort mailing list archives
RE: Snort 2.0 as a Windows Service??
From: Erek Adams <erek () snort org>
Date: Wed, 23 Apr 2003 12:29:01 -0400 (EDT)
On Wed, 23 Apr 2003, Michael Steele wrote:
How can you tell he has two output database plugins?
Looking at the output there are two sets of data for DB.
    database: compiled support for ( mysql odbc )
    database: configured to use mysql
    database: user = snort
    database: password is set
    database: database name = snort
    database: host = 127.0.0.1
    database: port = 3306
    database: sensor name = Websrv15e
    database: sensor id = 2
    database: schema version = 106
    database: using the "alert" facility
    database: compiled support for ( mysql odbc )
    database: configured to use mysql
    database: user = snort
    database: database name = snort
    database: host = 127.0.0.1
    database: port = 3306
    database: sensor name = Websrv15e
    ERROR: database: mysql_error: Access denied for user:
Two sets of the info from DB plugin means 2 sets of DB plugin lines. :)
In my documentation it specifies two output database lines. One is alert and the other is log.
Ummm... Why? That's a bit redundant. If you look at this [0], you'll see how the DB plugin deals with it.
"The database plugin is something of an anomaly because it doesn't separate the two functionalities very much. The "log" option attaches the log facility and the "alert" option attaches it to the alert facility. What this means in practical terms is that if the db plugin is in alert mode, it will only receive output from alert rules, whereas if it's in "log" mode it will receive output from both log and alert rules."
So you don't need two DB lines. That's wasting time, effort, CPU, and network. If you 'want everything', then just use 'log' instead of 'alert'.
If he is using my docs, leave in both lines, but make sure the syntax is correct. I'm assuming he has failed to properly set up the users in the database.
Nope. That's not it. If it was, would his first DB line work at all? :) It's something in the second DB output line that's causing the error.
He can also execute his run line with a -T at the end but most likely won't get much more information. He can also check the Application log and see what it's reporting.
-T would probably give more data than EventLog, but that's a guess from someone w/o a Win32 machine. :)
Hope that helps!
-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
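A check that follows from the message above, as an added example that is not part of the original thread: a small Python script that finds the active `output database:` lines in a snort.conf, flags an `alert` line made redundant by a `log` line to the same database, and names the parameters that differ between the two lines. The sample config is constructed for illustration (it is not the poster's file) and the password value is a placeholder.

```python
import re

# Constructed sample snort.conf fragment; the password is a placeholder.
SAMPLE_CONF = """\
# output plugins
output database: alert, mysql, user=snort password=EXAMPLE dbname=snort host=127.0.0.1
output database: log, mysql, user=snort dbname=snort host=127.0.0.1
#output database: log, odbc, user=snort dbname=snort
"""

# output database: <facility>, <db type>, <space-separated key=value parameters>
LINE_RE = re.compile(r"^\s*output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")

def parse_db_outputs(conf_text):
    """Return one dict per active (uncommented) 'output database:' line."""
    outputs = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        m = LINE_RE.match(raw)  # commented-out lines start with '#' and do not match
        if not m:
            continue
        facility, dbtype, rest = m.groups()
        params = dict(p.split("=", 1) for p in rest.split() if "=" in p)
        outputs.append({"line": lineno, "facility": facility.lower(),
                        "dbtype": dbtype.lower(), "params": params})
    return outputs

def review(outputs):
    """Compare every pair of lines that point at the same database."""
    def target(o):
        return (o["dbtype"], o["params"].get("host"), o["params"].get("dbname"))
    findings = []
    for i, a in enumerate(outputs):
        for b in outputs[i + 1:]:
            if target(a) != target(b):
                continue
            if {a["facility"], b["facility"]} == {"alert", "log"}:
                # 'log' receives output from both log and alert rules
                findings.append(("redundant-alert", a["line"], b["line"], ""))
            keys = set(a["params"]) | set(b["params"])
            for k in sorted(keys):
                if a["params"].get(k) != b["params"].get(k):
                    # report the key name only, never the value (it may be a password)
                    findings.append(("param-differs", a["line"], b["line"], k))
    return findings

if __name__ == "__main__":
    for kind, first, second, key in review(parse_db_outputs(SAMPLE_CONF)):
        print(f"lines {first} and {second}: {kind} {key}".rstrip())
```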