Snort mailing list archives
RE: Acid/MySQL and remote sensors
From: "Lists" <lists () paladinss com>
Date: Mon, 17 Sep 2001 15:40:03 -0700
No problem -----Original Message----- From: bferrell () microdisplay com [mailto:bferrell () microdisplay com] Sent: Monday, September 17, 2001 3:21 PM To: Lists Smith Subject: Re: [Snort-users] Acid/MySQL and remote sensors Unfortunately, not that simple. You have to make entries in the mysql host and user tables for the snort user. I think your MySQL is running on a MS box? You might want to look at the MySQL site for MySQL GUI. It'll be much easier to do. WOuld you mind echoing this to the list? It rejects my posts because my mail hub refuses to verify me. We do that not for anti-spam reasons, but to avoid giving out user info for anti-cracking reasons. Lists wrote:
Do I do that by uncommenting the username and password fields in the MySQL .ini and ensuring that the values are the same for the
snort.cont
file on the remote sensor? Thanks, Ben -----Original Message----- From: bferrell () microdisplay com [mailto:bferrell () microdisplay com] Sent: Monday, September 17, 2001 3:02 PM To: Lists Smith Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Acid/MySQL and remote sensors You need to enable access for the snort user on the snort sensor at
the
MySQL database Lists wrote:All, I have been successfully running Snort 1.8 on Win2k withACID,MySql,PHP.I essentially followed the very good paper by Michael Steele onSiliconDefense's site. Questions- I have been unsuccessful in getting another sensor to
log
tothe MySQL database on the main Snort box (the main box worksbeautiful).I have tried changing the: "output database: log, mysql, user=snort dbname=snort
host=localhost"
line in the new sensor's snort.conf to have the host=IP Address ofmainbox. No go. Failure is not authorized to access database, although I don't
believe
the default setting per Michael's doc requires any remote auth. I notice in the MySQL .ini file that the default port (3306) is commented out. Also username and password fields are commented out.DoI need to modify these? Another issue: Anybody know how to force promisc. mode on a Linksys 10/100 card with Win2k? Internet search reveals nothing, card mightnoteven support it. Anybody now cards that do? Ben Keepper _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Acid/MySQL and remote sensors Lists (Sep 17)
- <Possible follow-ups>
- RE: Acid/MySQL and remote sensors Lists (Sep 17)