Snort mailing list archives

RE: Acid/MySQL and remote sensors


From: "Lists" <lists () paladinss com>
Date: Mon, 17 Sep 2001 15:40:03 -0700

No problem

-----Original Message-----
From: bferrell () microdisplay com [mailto:bferrell () microdisplay com] 
Sent: Monday, September 17, 2001 3:21 PM
To: Lists Smith
Subject: Re: [Snort-users] Acid/MySQL and remote sensors

Unfortunately, not that simple.  You have to make entries in the mysql
host and user tables for the snort user.  I think your MySQL is running
on a MS box?  You might want to look at the MySQL site for MySQL GUI.
It'll be much easier to do.

Would you mind echoing this to the list?  It rejects my posts because my
mail hub refuses to verify me.  We do that not for anti-spam reasons,
but to avoid giving out user info for anti-cracking reasons.



Lists wrote:

Do I do that by uncommenting the username and password fields in the
MySQL .ini and ensuring that the values are the same for the
snort.conf file on the remote sensor?

Thanks,

Ben

-----Original Message-----
From: bferrell () microdisplay com [mailto:bferrell () microdisplay com]
Sent: Monday, September 17, 2001 3:02 PM
To: Lists Smith
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Acid/MySQL and remote sensors

You need to enable access for the snort user on the snort sensor at
the MySQL database

Lists wrote:

All,

I have been successfully running Snort 1.8 on Win2k with
ACID, MySql, PHP.  I essentially followed the very good paper by
Michael Steele on Silicon Defense's site.

Questions-  I have been unsuccessful in getting another sensor to log
to the MySQL database on the main Snort box (the main box works
beautifully).  I have tried changing the:

"output database: log, mysql, user=snort dbname=snort host=localhost"

line in the new sensor's snort.conf to have the host=IP Address of
main box.  No go.

Failure is not authorized to access database, although I don't
believe the default setting per Michael's doc requires any remote auth.

I notice in the MySQL .ini file that the default port (3306) is
commented out. Also username and password fields are commented out.
Do I need to modify these?

Another issue: Anybody know how to force promisc. mode on a Linksys
10/100 card with Win2k?  Internet search reveals nothing, card might
not even support it.  Anybody know cards that do?

Ben Keepper



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
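
One way to make the grant-table entries discussed in this thread, shown as an added example that is not part of any poster's message. The sensor address 192.0.2.10, the `<sensor-password>` and `<main-box-ip>` placeholders, and the INSERT/SELECT privilege set are assumptions.

```sql
-- Added example; run on the main box as a MySQL administrator.
-- Assumptions (constructed values): the remote sensor is 192.0.2.10 and
-- <sensor-password> is a placeholder to replace with a strong secret.

-- 1. Create the account scoped to the sensor's address only, never '%'.
--    MySQL matches accounts on the (user, host) pair, so an entry for
--    'snort'@'localhost' on the main box does not cover a connection
--    arriving from another machine.
CREATE USER 'snort'@'192.0.2.10' IDENTIFIED BY '<sensor-password>';

-- 2. Grant only what a logging sensor needs on the snort database.
--    INSERT and SELECT are an assumption; check the database README
--    shipped with your Snort version before widening this.
GRANT INSERT, SELECT ON snort.* TO 'snort'@'192.0.2.10';

-- Older servers without CREATE USER take both steps in one statement:
--   GRANT INSERT, SELECT ON snort.* TO 'snort'@'192.0.2.10'
--     IDENTIFIED BY '<sensor-password>';

-- 3. Check what the grant tables now hold for the snort user.
SELECT user, host FROM mysql.user WHERE user = 'snort';
SELECT user, host, db, insert_priv, select_priv
  FROM mysql.db WHERE user = 'snort';
SHOW GRANTS FOR 'snort'@'192.0.2.10';

-- 4. Matching line in the remote sensor's snort.conf
--    (<main-box-ip> is a placeholder for the main box's address):
--   output database: log, mysql, user=snort password=<sensor-password> dbname=snort host=<main-box-ip>
```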

