Snort mailing list archives

Re: Snort + Acid w/ MySQL question(s)


From: "alexus" <ml () db nexgen com>
Date: Fri, 11 May 2001 22:15:29 -0400

That's it! Now it's working just fine! Thanks a lot!

----- Original Message -----
From: <roman () danyliw com>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, May 11, 2001 6:04 PM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)


This is because you are trying to redefine the built-in facility
alert. Scroll further down in the sample config file until
you find the text:

# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
# output database: log, mysql, user=root password=test dbname=snort17 host=localhost
# output database: log, postgresql, user=snort dbname=snort
# output database: log, unixodbc, user=snort dbname=snort

Uncomment and configure one of these database config lines.

Roman

If I change the ruletype from redalert to alert or to log I get this:

......
Initializing rule chains...
ERROR line /usr/local/bin/snort.conf (215): Duplicate keyword: alert
su-2.04#


----- Original Message -----
From: <roman () danyliw com>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, May 11, 2001 11:50 AM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)


Do you have rules which trigger on the facility "redalert"? The
default rules are typically "alert" or "log".

Roman

I used this file to create the rest of the tables; now all tables seem to
be in place, although some strange things are still happening:

when I go to http://box.nexgen.com/acid/

I don't see anything, I mean no data that Snort should've put into the
database... any ideas?

That's the part of my snort.conf about the MySQL db:

ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=xxx dbname=xxx host=localhost password=xxx
}


----- Original Message -----
From: <roman () danyliw com>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, May 10, 2001 5:23 PM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)


OK, let's avoid the automated table creation for now. Try running
the SQL manually (create_acid_tbls_mysql.sql).

Roman

mysql> select * from user where user='alexus';
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| Host      | User   | Password         | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv |
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| localhost | alexus | 34484ed463a66850 | Y           | Y           | N           | Y           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          |
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
1 row in set (0.00 sec)

mysql>


I copied and pasted the MySQL output to show you that I do have all the
right privileges.

I also upgraded ACID to 0.9.6b9 (which is the latest beta as of today).

It still doesn't work.

----- Original Message -----
From: <roman () danyliw com>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, May 10, 2001 11:18 AM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)


One observation:

- ACID 0.9.5 does not use ADODB.  This DB abstraction was
introduced in 0.9.6b2 (Jan 2001).  Hence, this addition into
acid_conf.php will be ignored.

Two recommendations:

- are you sure that you have CREATE permissions on the DB
user set in acid_conf.php?  If all else fails, try using the
"create_acid_tbls_mysql.sql" to manually create the ACID
tables.

- upgrade to a more recent version of ACID => 0.9.6b9.  There
are significant feature improvements as well as bug fixes.  If you
prefer an older version, upgrade to at least 0.9.6b1, for it has
a number of important bug fixes.

cheers,
Roman

I'm using the following:

FreeBSD 4.3 - RELEASE (STABLE)
ACID-0.9.5 - RELEASE (STABLE)
ADODB v1.0.1 - RELEASE (STABLE)
PHP - 4.0.5 - RELEASE (STABLE)
APACHE - 1.3.19 - RELEASE (STABLE)
SNORT - 1.7 - RELEASE (STABLE)

To compile Snort I used the following line:
../configure --with-mysql=/usr/local/mysql;make;make install

I did change acid_conf.php: I put the path to ADODB in it.

In ADODB I put the local path in adodb.inc.php.

When I go to http://localhost/acid it redirects me to acid_main.php,
and when it gets there I get this:

The underlying database alexus@localhost apears to be invalid.

The database version is valid, but the ACID DB structure (table: acid_ag)
is not present. Use the Setup page to configure and optimize the DB

When I click on "Setup page", in the status window I get "DONE" for
"Search Indexes" and I have "Create ACID AG" for "ACID tables". I'm
assuming I need to click on "Create ACID AG"; when I do that nothing
happens, it won't disappear or change status to "DONE".. what am I
missing?




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/
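Two checks for the setup discussed in this thread, as an added example that is not code from the thread, from Snort or from ACID. The first scans snort.conf text for a ruletype that redefines a built-in type (the cause of the "Duplicate keyword: alert" error) and for an output database line that exists only inside a custom ruletype, so that rules of the built-in alert/log types never reach the database and ACID shows no events. The second reads pasted mysql.user output and reports the privilege columns a task lacks, the CREATE privilege Roman asks about included. The function names, the list of built-in rule types for Snort 1.x, and the two privilege sets SETUP_PRIVS and RUNTIME_PRIVS are assumptions; the config fragments and the mysql.user row are constructed to mirror what was posted.

```python
"""Sanity checks for a Snort 1.x + ACID + MySQL setup (added example; not code
from the snort-users thread, from Snort or from ACID). check_snort_conf() flags
a ruletype that redefines a built-in type and an `output database` line that
exists only inside a custom ruletype; missing_privileges() reads pasted
`SELECT * FROM user` output and reports the privilege columns a task lacks."""
import re

# Rule types Snort 1.x defines itself (assumed list); redefining one fails.
BUILTIN_RULETYPES = {"alert", "log", "pass", "activate", "dynamic"}
# Assumed privilege sets: ACID's Setup page creates tables; normal ACID use
# reads, inserts, updates and deletes alert rows.
SETUP_PRIVS = ("Create_priv",)
RUNTIME_PRIVS = ("Select_priv", "Insert_priv", "Update_priv", "Delete_priv")


def logical_lines(text):
    """Yield (first_lineno, line) with comments/blanks dropped and
    backslash continuations joined."""
    buf, start = "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            start = lineno
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        buf += line
        if buf and not buf.startswith("#"):
            yield start, buf
        buf = ""


def check_snort_conf(text):
    """Return a list of (severity, message) findings for snort.conf text."""
    findings, current = [], None          # current = ruletype block we are in
    outputs = {None: []}                  # ruletype (None = global) -> plugins
    for lineno, line in logical_lines(text):
        m = re.match(r"ruletype\s+(\w+)", line)
        if m:
            current = m.group(1)
            outputs.setdefault(current, [])
            if current in BUILTIN_RULETYPES:
                findings.append(("error", f"line {lineno}: ruletype '{current}' "
                                 "redefines a built-in type ('Duplicate keyword')"))
            continue
        if line.startswith("}"):
            current = None
            continue
        m = re.match(r"output\s+(\w+)\s*:\s*(.*)", line)
        if m:
            plugin, args = m.groups()
            outputs[current].append(plugin)
            if plugin == "database" and "password=" in args:
                findings.append(("info", f"line {lineno}: DB password is in clear "
                                 "text; restrict snort.conf to the Snort user"))
    global_db = "database" in outputs[None]
    custom_db = sorted(n for n, p in outputs.items() if n and "database" in p)
    if not global_db and custom_db:
        findings.append(("warn", "'output database' only inside ruletype(s) "
                         f"{', '.join(custom_db)}; built-in alert/log rules "
                         "will never be logged to the database"))
    elif not global_db:
        findings.append(("warn", "no active 'output database' line"))
    return findings


def parse_mysql_row(output):
    """Turn pasted MySQL box-format output (header + one data row) into a dict."""
    rows = [[c.strip() for c in ln.strip().strip("|").split("|")]
            for ln in output.splitlines() if ln.strip().startswith("|")]
    if len(rows) < 2:
        raise ValueError("need a header row and one data row")
    return dict(zip(rows[0], rows[1]))


def missing_privileges(output, required):
    """Required privilege columns whose value is not 'Y'. Caveat: mysql.user
    holds global grants only; per-database grants (mysql.db) are not seen."""
    row = parse_mysql_row(output)
    return [p for p in required if row.get(p) != "Y"]


# Constructed snort.conf fragment laid out like the one in the thread.
CONF_REDALERT = """\
# output database: log, mysql, user=root password=test dbname=snort17 host=localhost
ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=xxx dbname=xxx host=localhost \\
                   password=xxx
}
"""
# Constructed fragment after Roman's fix: a global output database line.
CONF_FIXED = ("output alert_syslog: LOG_AUTH LOG_ALERT\n"
              "output database: log, mysql, user=snort dbname=snort host=localhost password=xxx\n")
# Constructed mysql.user row with the privilege values shown in the thread
# (Create_priv is N); the password hash is replaced by a placeholder.
MYSQL_USER_ROW = """\
| Host      | User   | Password | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv |
| localhost | alexus | <hash>   | Y           | Y           | N           | Y           | N           |
"""
```

Run `check_snort_conf(open("snort.conf").read())` against a real file; on the constructed CONF_REDALERT it reports the clear-text password and warns that the database output lives only inside redalert, and on CONF_FIXED only the password note remains. The privilege check works from global grants in mysql.user only, so a user granted CREATE on just the snort database (mysql.db) would still be reported as lacking it.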