Snort mailing list archives
Snort not working with mysql on a redhat machine
From: "Thomas Los" <tlos () trondent com>
Date: Thu, 4 Dec 2003 10:30:30 -0600
Hey Guys, I am using Redhat 8.0 and using Snort 2.0.5. I am using MySQL server version: 3.23.52. when i issue mysql i can connect to the sql server and i've gone ahead and made the user account for snort and assigned it a password. I also went ahead and make a username and password for acid as well. My SQL is configured like so, [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock [mysql.server] user=mysql basedir=/var/lib [safe_mysqld] err-log=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid So when i was configuring snort, i used the configure option of -with-mysql=/var/lib/mysql . It compiled properly, and so the next thing i had to do was specify the mysql connection in my snort config file. I was using a guide for this and might have made an error, the line that specifies the sql in my snort config looks like this. Now mind you i got this from a RedHat Book. I'm used to working with snort on FreeBSD and have to work with some redhat servers at work... (ugh). ---> output database: log, mysql, user=snort password=snortsnarf dbname=snort_db host=localhost <--- When i try to run snort like i usually do, snort starts up and shows mysql but it says, Using LOCAL time database: compiled support for ( ) database: configured to use mysql database: 'mysql' support is not compiled into this build of snort ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm, or Windows), then check for alternate builds that contains the necessary 'mysql' support. If this build of snort was compiled by you, then re-run the the ./configure script using the '--with-mysql' switch. For non-standard installations of a database, the '--with-mysql=DIR' syntax may need to be used to specify the base directory of the DB install. See the database documentation for cursory details (doc/README.database). and the URL to the most recent database plugin documentation. Fatal Error, Quitting.. [root@powell snort]# Now i'm wondering what the hell am i doing wrong? I am assuming the output line must be wrong and wanted to ask you guys for general guidance on how i can get past this little hurdle? . The last thing i'm wondering, Can i get snort to log to both syslog, /var/log/snort/ and to the Mysql database? Thanks to all for any kind of help or guidance. Tom.Los Network Systems Support Trondent Development Services Corp Http://www.trondent.com
Current thread:
- Snort not working with mysql on a redhat machine Thomas Los (Dec 04)