Snort mailing list archives
Re: Snort + Acid w/ MySQL question(s)
From: roman () danyliw com
Date: Fri, 11 May 2001 15:50:39 US/Eastern
Do you have rules which trigger on the facility "redalert"? The default rules typically are "alert" or "log".

Roman
i used this file to create rest of tables, now all tables seem to be in place, although there are still some strange things happening: when i go to http://box.nexgen.com/acid/ i don't see anything, i mean no data, that snort should've put into database... any ideas?

that's part of my snort.conf about mysql db.

ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=xxx dbname=xxx host=localhost password=xxx
}

----- Original Message -----
From: <roman () danyliw com>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, May 10, 2001 5:23 PM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)

OK, let's avoid the automated table creation for now. Try running the SQL manually (create_acid_tbls_mysql.sql)

Roman

mysql> select * from user where user='alexus';
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| Host      | User   | Password         | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv |
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| localhost | alexus | 34484ed463a66850 | Y           | Y           | N           | Y           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          |
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
1 row in set (0.00 sec)

mysql>

i copy and paste mysql output to show you that i do have all right privileges

i also upgrade acid to 0.9.6b9 (which is latest beta for today)

it still doesn't work

----- Original Message -----
From: <roman () danyliw com>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, May 10, 2001 11:18 AM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)

One observation:
- ACID 0.9.5 does not use ADODB. This DB abstraction was introduced in 0.9.6b2 (Jan 2001). Hence, this addition into acid_conf.php will be ignored.

Two recommendations:
- are you sure that you have CREATE permissions on the DB user set in acid_conf.php? If all else fails, try using the "create_acid_tbls_mysql.sql" to manually create the ACID tables.
- upgrade to a more recent version of ACID => 0.9.6b9. There are significant feature improvements as well as bug fixes. If you prefer an older version, upgrade to at least 0.9.6b1 for it has a number of important bug fixes.

cheers,
Roman

I'm using the following:

FreeBSD 4.3 - RELEASE (STABLE)
ACID-0.9.5 - RELEASE (STABLE)
ADODB v1.0.1 - RELEASE (STABLE)
PHP - 4.0.5 - RELEASE (STABLE)
APACHE - 1.3.19 - RELEASE (STABLE)
SNORT - 1.7 - RELEASE (STABLE)

to compile snort i used following line:

../configure --with-mysql=/usr/local/mysql;make;make install

i did change acid_conf.php, i put path to adodb
in adodb i put local path in adodb.inc.php

when i go to http://localhost/acid it redirects me to acid_main.php and when it gets there i get this:

The underlying database alexus@localhost apears to be invalid.
The database version is valid, but the ACID DB structure (table: acid_ag) is not present. Use the Setup page to configure and optimize the DB

when i click on "Setup page" in status window i get "DONE" for "Search Indexes" and i have "Create ACIDAG" for "ACID tables". i'm assuming i need to click on "Create ACIDAG", when I do that nothing happens, it won't disappear or it won't change status to "DONE".. what am i missing?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

---------------------------------------------
This message was sent using Voicenet WebMail.
http://www.voicenet.com/webmail/
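
Added example, not part of the original thread or of Snort/ACID: a small check for the condition raised in the reply above, where a custom ruletype carries the database output but no rule uses that ruletype as its action, so the database stays empty. It assumes snort.conf and all included rule files have been concatenated into one string; the two rules in the sample are constructed.

```python
import re

# Constructed sample: the ruletype quoted in the thread plus two made-up rules
# that use the default "alert" and "log" actions.
SAMPLE_CONF = """\
ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=xxx dbname=xxx host=localhost password=xxx
}
alert tcp any any -> any 80 (msg:"constructed web rule";)
log udp any any -> any 53 (msg:"constructed dns rule";)
"""

RULETYPE_RE = re.compile(r"ruletype\s+(\w+)\s*\{(.*?)\}", re.S)
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:", re.M)


def ruletype_outputs(conf_text):
    """Map each custom ruletype name to the output plugins declared inside it."""
    return {name: OUTPUT_RE.findall(body)
            for name, body in RULETYPE_RE.findall(conf_text)}


def rule_action_counts(conf_text):
    """Count lines by first token once the ruletype blocks are removed.

    For rule lines the first token is the action (alert, log, redalert, ...).
    """
    counts = {}
    for line in RULETYPE_RE.sub("", conf_text).splitlines():
        tokens = line.split()
        if tokens and not tokens[0].startswith("#"):
            counts[tokens[0]] = counts.get(tokens[0], 0) + 1
    return counts


def starved_outputs(conf_text, plugin="database"):
    """Ruletypes that declare `plugin` but are never used as a rule action."""
    counts = rule_action_counts(conf_text)
    return sorted(name for name, plugins in ruletype_outputs(conf_text).items()
                  if plugin in plugins and counts.get(name, 0) == 0)


if __name__ == "__main__":
    # With the sample above, only "alert" and "log" rules exist, so the
    # database output attached to "redalert" never receives an event.
    print("database output never fed by:", starved_outputs(SAMPLE_CONF))
```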
Current thread:
- Snort + Acid w/ MySQL question(s) alexus (May 10)
- <Possible follow-ups>
- Re: Snort + Acid w/ MySQL question(s) roman (May 10)
- Re: Snort + Acid w/ MySQL question(s) alexus (May 10)
- Re: Snort + Acid w/ MySQL question(s) Koaps (May 10)
- Re: Snort + Acid w/ MySQL question(s) roman (May 10)
- Re: Snort + Acid w/ MySQL question(s) alexus (May 11)
- Re: Snort + Acid w/ MySQL question(s) roman (May 11)
- Re: Snort + Acid w/ MySQL question(s) alexus (May 11)
- Re: Snort + Acid w/ MySQL question(s) alexus (May 11)
- Re: Snort + Acid w/ MySQL question(s) alexus (May 11)
- Re: Snort + Acid w/ MySQL question(s) roman (May 11)
- Re: Snort + Acid w/ MySQL question(s) roman (May 11)
- Re: Snort + Acid w/ MySQL question(s) roman (May 11)
- Re: Snort + Acid w/ MySQL question(s) alexus (May 11)
- Re: Snort + Acid w/ MySQL question(s) alexus (May 11)
- Re: Snort + Acid w/ MySQL question(s) roman (May 11)
- Re: Snort + Acid w/ MySQL question(s) alexus (May 11)
(Thread continues...)