Snort mailing list archives
RE: Only half off topic..maybe
From: "Harper, Patrick" <patrick.harper () phns com>
Date: Wed, 2 Jun 2004 08:58:10 -0500
There is a sql script that comes with snort (as well as a db extra script) that you have to run first. Here is one way of doing it. The paths might be different for you but the method is about the same. /usr/local/mysql/bin/mysql mysql> SET PASSWORD FOR root@localhost=PASSWORD('new_password');
Query OK, 0 rows affected (0.25 sec)
mysql> create database snort;
Query OK, 1 row affected (0.01 sec)
mysql> grant INSERT,SELECT on root.* to snort@localhost;
Query OK, 0 rows affected (0.02 sec)
mysql> SET PASSWORD FOR snort@localhost=PASSWORD('new_password');
Query OK, 0 rows affected (0.25 sec)
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
Query OK, 0 rows affected (0.02 sec)
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;
Query OK, 0 rows affected (0.02 sec)
mysql> exit
Bye
From the Snort source directory execute the following command (when
working with MySQL, if it asks Then install the extra DB tables using the following command from the contrib directory (you will need to cd to contrib) zcat snortdb-extra.gz |/usr/local/mysql/bin/mysql -p snort Enter password: Now you need to check and make sure that the snort DB was created correctly /usr/local/mysql/bin/mysql -p
Enter password:
mysql> SHOW DATABASES; (You should see the following) +------------+ | Database +------------+ | mysql | snort | test +------------+ 3 rows in set (0.00 sec) mysql> use snort
Database changed
mysql> SHOW TABLES; +------------------+ | Tables_in_snort +------------------+ | data | detail | encoding | event | flags | icmphdr | iphdr | opt | protocols | reference | reference_system | schema | sensor | services | sig_class | sig_reference | signature | tcphdr | udphdr +------------------+ 19 rows in set (0.00 sec)>Bye -----Original Message----- From: Jeff Price [mailto:misterunix () cox net] Sent: Tuesday, June 01, 2004 8:54 PM To: snort-users () lists sourceforge net Cc: Jeff Price Subject: Re: [Snort-users] Only half off topic..maybe Thank you for your interest in helping me. The issue is with a new install with the latest downloads (acid, installed on LINUX Redhat 9.0. During the installation process when the tables are created for the database there are not enough tables being created, it only creates four. Am I missing something in the documentation? The documentation speaks of the tables as though they should have been created, unfortunately the documentation does not provide enough information, other than grants, so I can't create the remaining tables on my own. I have even looked at previous releases of acid and the sql script only creates four tables at least in MySQL. error message reads The underlying database snort_log@localhost appears to be incomplete/invalid Database ERROR:Table 'snort_log.iphdr' doesn't exist It might be an older version. Only alert databases created by Snort 1.7-beta0 or later are supported Thanks in advance Jeff Price ----- Original Message ----- From: "Harper, Patrick" <patrick.harper () phns com> To: "Jeff Price" <jeff () misterunix com>; <snort-users () lists sourceforge net> Sent: Tuesday, June 01, 2004 12:32 PM Subject: RE: [Snort-users] Only half off topic..maybe What problems are you having? -----Original Message----- From: Jeff Price [mailto:jeff () misterunix com] Sent: Thursday, May 27, 2004 11:21 AM To: snort-users () lists sourceforge net Cc: Jeff Price Subject: [Snort-users] Only half off topic..maybe I am having an issue using ACID with SNORT, it is an ACID issue, what discussion group do I go to for help with ACID? My apologies for posting partially off topic. Thanks Jeff Price ++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Only half off topic..maybe Jeff Price (Jun 01)
- <Possible follow-ups>
- RE: Only half off topic..maybe Harper, Patrick (Jun 01)
- Re: Only half off topic..maybe Jeff Price (Jun 01)
- Re: Only half off topic..maybe David Alonso De La Vega Tapage (Jun 02)
- Re: Only half off topic..maybe Jeff Price (Jun 01)
- RE: Only half off topic..maybe Harper, Patrick (Jun 02)