Acid/MySQL and remote sensors

["Lists" <lists () paladinss com>]

All,

I have been successfully running Snort 1.8 on Win2k with ACID,MySql,PHP.
I essentially followed the very good paper by Michael Steele on Silicon
Defense's site.

Questions-  I have been unsuccessful in getting another sensor to log to
the MySQL database on the main Snort box (the main box works beautiful).
I have tried changing the: 

"output database: log, mysql, user=snort dbname=snort host=localhost"
line in the new sensor's snort.conf to have the host=IP Address of main
box.  No go.

Failure is not authorized to access database, although I don't believe
the default setting per Michael's doc requires any remote auth.

I notice in the MySQL .ini file that the default port (3306) is
commented out. Also username and password fields are commented out.  Do
I need to modify these?

Another issue: Anybody know how to force promisc. mode on a Linksys
10/100 card with Win2k?  Internet search reveals nothing, card might not
even support it.  Anybody now cards that do?



Ben Keepper

 



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users