Snort mailing list archives
Re: Snort + Acid w/ MySQL question(s)
From: "alexus" <ml () db nexgen com>
Date: Fri, 11 May 2001 22:15:29 -0400
that's it! now it's working just fine!
thanks a lot!

----- Original Message -----
From: <roman () danyliw com>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, May 11, 2001 6:04 PM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)

This is because you are trying to redefine the built-in facility alert.

Scroll further down in the sample config file until you find the text:

# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
# output database: log, mysql, user=root password=test dbname=snort17 host=localhost
# output database: log, postgresql, user=snort dbname=snort
# output database: log, unixodbc, user=snort dbname=snort

Uncomment and configure one of these database config lines.

Roman

if i change ruletype from redalert to alert or to log i get this

......
Initializing rule chains...
ERROR line /usr/local/bin/snort.conf (215): Duplicate keyword: alert
su-2.04#

----- Original Message -----
From: <roman () danyliw com>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, May 11, 2001 11:50 AM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)

Do you have rules which trigger on the facility "redalert"? The default rules typically are "alert" or "log".

Roman

i used this file to create rest of tables, now all tables seems to be in place although still there are some strange things are happening:

when i go to http://box.nexgen.com/acid/ i don't see anything, i mean no data, that snort should've put into database... any ideas?

that's part of my snort.conf about mysql db.

ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=xxx dbname=xxx host=localhost password=xxx
}

----- Original Message -----
From: <roman () danyliw com>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, May 10, 2001 5:23 PM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)

OK, let's avoid the automated table creation for now. Try running the SQL manually (create_acid_tbls_mysql.sql)

Roman

mysql> select * from user where user='alexus';
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| Host      | User   | Password         | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv |
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| localhost | alexus | 34484ed463a66850 | Y           | Y           | N           | Y           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          |
+-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
1 row in set (0.00 sec)

mysql>

i copy and paste mysql output to show you that i do have all right privileges

i also upgrade acid to 0.9.6b9 (which is latest beta for today)

it still doesn't work

----- Original Message -----
From: <roman () danyliw com>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, May 10, 2001 11:18 AM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)

One observation:
- ACID 0.9.5 does not use ADODB. This DB abstraction was introduced in 0.9.6b2 (Jan 2001). Hence, this addition into acid_conf.php will be ignored.

Two recommendations:
- are you sure that you have CREATE permissions on the DB user set in acid_conf.php? If all else fails, try using the "create_acid_tbls_mysql.sql" to manually create the ACID tables.
- upgrade to a more recent version of ACID => 0.9.6b9. There are significant feature improvements as well as bug fixes. If you prefer an older version, upgrade to at least 0.9.6b1 for it has a number of important bug fixes

cheers,
Roman

I'm using the following:

FreeBSD 4.3 - RELEASE (STABLE)
ACID-0.9.5 - RELEASE (STABLE)
ADODB v1.0.1 - RELEASE (STABLE)
PHP - 4.0.5 - RELEASE (STABLE)
APACHE - 1.3.19 - RELEASE (STABLE)
SNORT - 1.7 - RELEASE (STABLE)

to compile snort i used following line:

../configure --with-mysql=/usr/local/mysql;make;make install

i did change acid_conf.php i put path to adodb
in adodb i put local path in adodb.inc.php

when i go to http://localhost/acid it redirects me to acid_main.php and when it gets there i get this:

The underlying database alexus@localhost apears to be invalid. The database version is valid, but the ACID DB structure (table: acid_ag) is not present. Use the Setup page to configure and optimize the DB

when i click on "Setup page" in status window i get "DONE" for "Search Indexes" and i have "Create ACIDAG" for "ACID tables"

i'm assuming i need to click on "Create ACIDAG", when I do that nothing happens, it won't disappear or it won't change status to "DONE"..

what am i missing?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

---------------------------------------------
This message was sent using Voicenet WebMail.
http://www.voicenet.com/webmail/
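
The configuration problem worked through in this thread, as an added example that is not part of the original messages or of Snort itself: a Python check that reads a Snort 1.x-style config and reports when the only `output database:` line sits inside a custom ruletype that no rule uses, or when a ruletype reuses a built-in action name. The built-in action list, the function name `lint_snort_conf` and the sample rule are assumptions made for illustration.

```python
import re

# Rule actions built into Snort (assumed list); a ruletype cannot reuse them.
BUILTIN_ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
DB_OUTPUT = re.compile(r"output\s+database\s*:")
# Constructed sample: the thread's ruletype block plus one made-up rule.
SAMPLE_CONF = """\
ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=xxx dbname=xxx host=localhost password=xxx
}
alert tcp any any -> any 80 (msg:"constructed web rule";)
"""

def lint_snort_conf(text):
    """Report why alerts may never reach the database output plugin."""
    ruletypes = {}        # custom ruletype name -> declares 'output database'?
    actions_used = set()  # first keyword of every top-level line
    global_db, current = False, None  # current: ruletype block being parsed
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        decl = re.match(r"ruletype\s+(\w+)", line)
        if decl:
            current = decl.group(1)
            ruletypes[current] = False
        elif current is not None:
            if DB_OUTPUT.match(line):
                ruletypes[current] = True
            if line.endswith("}"):
                current = None
        elif DB_OUTPUT.match(line):
            global_db = True
        else:
            actions_used.add(line.split()[0])
    findings = []
    for name, has_db in ruletypes.items():
        if name in BUILTIN_ACTIONS:
            findings.append(f"ruletype '{name}' redefines a built-in action")
        elif has_db and name not in actions_used:
            findings.append(f"only unused ruletype '{name}' logs to the database")
    if not global_db and actions_used & BUILTIN_ACTIONS:
        findings.append("no global 'output database:' for built-in actions")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_snort_conf(SAMPLE_CONF)))
```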