Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort - Fatal Error

From: "Harper, Patrick" <patrick.harper () phns com>
Date: Mon, 26 Jul 2004 08:57:32 -0500
Try logging on to mysql as the snort user and make sure it has access.
That might be your problem.  Go over the section that does the access
grants to the snort user again 

-----Original Message-----
From: Shankar [mailto:list () zeeaccess com] 
Sent: Monday, July 26, 2004 7:14 AM
To: prabu; Snort-Users
Subject: RE: [Snort-users] Snort - Fatal Error

On Monday, July 26, 2004 4:52 PM prabu wrote:

To: Shankar; Snort-Users
Subject: Re: [Snort-users] Snort - Fatal Error Hello Shankar,
     First tell about your database configuration.I guess that u might

have

not commented the (/etc/snort/snort.conf:453 line,since it is used for 
enabling log alerts to syslog.U should comment this line,if u want to

enable

the databes loggging,since that line of the config file specifies to 
alert the output of logs to syslog.



if u r using databes logging ,then ur snort.conf should have line as, 
for example,output database: log, mysql, dbname=snort user=root 
host=localhost password=kovai



dear prabu,

Thx for the mail/help. My database configuration is as below output
database: log, mysql, user=snort password=mypassword dbname=snort
host=localhost i use user snort instead of root.

# mysql -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 26 to server version: 3.23.58

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)

mysql> use snort
Reading table information for completion of table and column names You
can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| acid_ag          |
| acid_ag_alert    |
| acid_event       |
| acid_ip_cache    |
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
23 rows in set (0.00 sec)

mysql>


If i comment the Output line and type #snort -c /etc/snort/snort.conf
then process hangs here and i dont get my # prompt back need to break
it(ctrl^c)
   --== Initialization Complete ==--

-*> Snort! <*-
Version 2.1.3 (Build 27)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

thx in advance for ur mail/help.

Regards,
Shankar.





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java
Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended 
recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by 
applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have 
received this message in error, please delete it and notify the sender immediately. 





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: