Snort mailing list archives

Re: mysql issue


From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 22 Nov 2012 18:06:49 -0500

On 11/22/2012 17:37, k vijay sai prashanth wrote:
Hello fellow snort users,

I seek advice for resolving an issue.

I don't wish to create any separate user for snort and would like to stick to
root user.

why? you really should not, though... running snort as root allows for a 
possible security breach...

So I have skipped the following step from the installation guide: "groupadd
snort && useradd -g snort snort"

In my barnyard2.conf I've included the below line:

output database: log, mysql, user=root password=rootpassword dbname=snort host=localhost

should it be as below or as above:

it should not matter as this is only the database access for the BY2 app to 
place the data in the database...

output database: log, mysql, user=snort password=rootpassword dbname=snort host=localhost

I've tried both and both ways I seem to be having no events logged on the mysql
database.

I performed this step while setting up the database though.

SET PASSWORD FOR snort@localhost=PASSWORD('rootpassword');

Is this step okay?

i'm not sure... i don't recall that step taking that format... but it may be 
valid... the mysql docs should show the proper format with an example in which 
you simply substitute your user's name and password where needed... and make 
sure you get the host that the user is connecting from correct too... in other 
words, if you only connect to mysql via localhost, then user@localhost would be 
fine... however, if you have mysql set up for accessing from other hosts, then 
you /might also/ need user@somehost with the same privs... maybe the same 
password... maybe not... that depends on how you allow the user to access...

I don't get events and barnyard2 says *waiting for new data* when run. What am I
doing wrong?

that indicates that BY2 has not seen any new data in the file(s) it monitors... 
is this after you ran BY2 in bulk processing mode and then maybe you are trying 
to "return" to live processing mode or??
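
Added example, not part of the original message and not barnyard2's own code: a small Python check that parses the `output database:` lines discussed in this thread and compares the configured user and host with the accounts MySQL actually holds, as listed by `SELECT User, Host FROM mysql.user;`. The sample config, the account list and the function names are constructed for illustration, and host matching is simplified to an exact match or the `%` wildcard.

```python
import re

# Constructed sample: the two barnyard2.conf variants from the thread,
# each written on a single line.
SAMPLE_CONF = """\
# barnyard2.conf (constructed excerpt)
output database: log, mysql, user=root password=rootpassword dbname=snort host=localhost
output database: log, mysql, user=snort password=rootpassword dbname=snort host=localhost
"""

# Constructed stand-in for the rows of: SELECT User, Host FROM mysql.user;
SAMPLE_ACCOUNTS = [("root", "localhost"), ("snort", "localhost")]

# output database: <mode>, <dbtype>, key=value key=value ...
LINE_RE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")


def parse_output_database(conf_text):
    """Return one dict per active 'output database:' line (comment lines never match)."""
    entries = []
    for line in conf_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Parameters are space-separated key=value pairs; split on the first '='
        # so a password containing '=' stays intact.
        params = dict(p.split("=", 1) for p in m.group(3).split() if "=" in p)
        entries.append({"mode": m.group(1), "dbtype": m.group(2), **params})
    return entries


def audit(entry, accounts):
    """Return a list of findings for one parsed entry (hypothetical checks)."""
    findings = []
    user = entry.get("user")
    host = entry.get("host", "localhost")  # assumption: localhost when host= is absent
    if user == "root":
        findings.append("database superuser used for event logging")
    # Simplified matching: the account host must equal the config host or be '%'.
    if not any(u == user and h in (host, "%") for u, h in accounts):
        findings.append(f"no MySQL account {user}@{host}")
    if "dbname" not in entry:
        findings.append("dbname missing")
    return findings


if __name__ == "__main__":
    for e in parse_output_database(SAMPLE_CONF):
        print(e["user"], audit(e, SAMPLE_ACCOUNTS))
```
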
