Snort mailing list archives
Snort logging to encrypted MySQL (ssl) server
From: "Jason Monroe \"JC\"" <monroe () nas nasa gov>
Date: 04 Nov 2003 12:36:21 -0800
Hi Dave, Short answer: Native Mysql/Snort crypto NOT RIGHT NOW! snort-2.0.2/src/output-plugins/spo_database.c doesn't provide the stubs to do what you're trying to do. Snort v2.0.3 is the same story. I think you want something like (or at least places to fill the following values in) from mysql-4.0.16/include/sslopt-longopts.h {"ssl", OPT_SSL_SSL, "Enable SSL for connection (automatically enabled with other flags). Disable with --skip-ssl", (gptr*) &opt_use_ssl, (gptr*) &opt_use_ssl, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, {"ssl-key", OPT_SSL_KEY, "X509 key in PEM format (implies --ssl)", (gptr*) &opt_ssl_key, (gptr*) &opt_ssl_key, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, {"ssl-cert", OPT_SSL_CERT, "X509 cert in PEM format (implies --ssl)", (gptr*) &opt_ssl_cert, (gptr*) &opt_ssl_cert, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, {"ssl-ca", OPT_SSL_CA, "CA file in PEM format (check OpenSSL docs, implies --ssl)", (gptr*) &opt_ssl_ca, (gptr*) &opt_ssl_ca, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, {"ssl-capath", OPT_SSL_CAPATH, "CA directory (check OpenSSL docs, implies --ssl)", (gptr*) &opt_ssl_capath, (gptr*) &opt_ssl_capath, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, {"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use (implies --ssl)", (gptr*) &opt_ssl_cipher, (gptr*) &opt_ssl_cipher, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, snort/src/output-plugins/spo_database.c /* Snort Database Output Plug-in * * Maintainer: Roman Danyliw <rdd () cert org>, <roman () danyliw com> * * Originally written by Jed Pickel <jed () pickel net> (2000-2001) * * See the doc/README.database file with this distribution * documentation or the snortdb web site for configuration * information * * Web Site: http://www.andrew.cmu.edu/~rdanyliw/snortdb/snortdb.html */ Be aware the the link for "web site" produces a 404, but as Marty told me you're encouraged to mail the maintainer to add a tally to the board of people who would like to make use of various crypto functionality that is provided natively by their various database engines. In the mean time you can make use stunnel a fairly good tutorial is provided for you by Mr. Jason Chan @ http://www.samag.com/documents/s=1147/sam0108b/0108b.htm If by chance this article doesn't provide you with enough information I have a more in depth step by step for stunnel if you're interested. Thanks, JC ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort logging to encrypted MySQL (ssl) server Jason Monroe "JC" (Nov 04)