Snort mailing list archives
RE: logging to a remote database with mudpit
From: "Lance Boon" <lboon () firststatebanksw com>
Date: Thu, 13 May 2004 12:08:05 -0500
Try this GRANT INSERT,SELECT ON snort.* TO snort@'%' IDENTIFIED BY "password"; http://dev.mysql.com/doc/mysql/en/GRANT.html http://dev.mysql.com/doc/mysql/en/Connection_access.html http://dev.mysql.com/doc/mysql/en/Adding_users.html -----Original Message----- From: Maetzky, Steffen (Extern) [mailto:Steffen.Maetzky () gedas de] Sent: Thursday, May 13, 2004 11:08 AM To: Lance Boon Subject: AW: [Snort-users] logging to a remote database with mudpit 1. Lets say that the remote-host = sensor1, other host = sensor2 and I want both logging to sensor1. Trying to connect from sensor1 to sensor1 (local) => works Trying to connect from sensor2 to sensor1 => failed Shutting down my firewall on sensor1 and retrying => still the same 2. Working on sensor1: I have given the grants for sensor2 in that way: mysql -p use snort; grant INSERT,SELECT on snort.* to snort; <= thinking that this give the grants to snort at other hosts flush privileges; -----Ursprüngliche Nachricht----- Von: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] Im Auftrag von Lance Boon Gesendet: Donnerstag, 13. Mai 2004 17:28 An: snort-users () lists sourceforge net Betreff: RE: [Snort-users] logging to a remote database with mudpit I'm confused now, you say you tried this from your remote host and it works, but trying the same from the other host failed??? Have you granted the "other" host privileges on the MySql server? -----Original Message----- From: Maetzky, Steffen (Extern) [mailto:Steffen.Maetzky () gedas de] Sent: Thursday, May 13, 2004 9:45 AM To: Lance Boon Subject: AW: [Snort-users] logging to a remote database with mudpit Trying this from my remote host works. Trying the same from the other host failed -----Ursprüngliche Nachricht----- Von: Lance Boon [mailto:lboon () firststatebanksw com] Gesendet: Donnerstag, 13. Mai 2004 16:24 An: Maetzky, Steffen (Extern) Betreff: RE: [Snort-users] logging to a remote database with mudpit Have you tried just logging into the mysql server from your remote host? For example mysql -h192.168.1.1 -usnort -p snort Just substitute the ip I put in there for your mysql server's ip. -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Maetzky, Steffen (Extern) Sent: Thursday, May 13, 2004 8:54 AM To: 'Snort-users () lists sourceforge net' Subject: [Snort-users] logging to a remote database with mudpit Hi, I try to put data from a host to a mysql-database on a remote one with mudpit but I get the following error message: Host 'hostname' is not allowed to connect to this MySQL Server error initializing ".../mp_acid_out.so": retrying unrecognized parameter "server" On the remote-host I have given the grants: grant INSERT,SELECT on snort.* to snort identified by 'password'; flush privileges; On the local host I use (mudpit.conf): spool "/var/log/snort" { lock = "mysql" delete_processed user="root" output=".../mp_acid_out.so", "server <remote server ip>, user snort, password <password>, database snort, interface eth1" } I don't know what's going wrong. Any ideas? Thanks in advance, Steffen ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id%62&alloc_ida84&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id%62&alloc_ida84&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- logging to a remote database with mudpit Maetzky, Steffen (Extern) (May 13)
- <Possible follow-ups>
- RE: logging to a remote database with mudpit Lance Boon (May 13)
- RE: logging to a remote database with mudpit Lance Boon (May 13)