Snort mailing list archives
RE: (Snort-users) multiple snorts to 1 mysql database
From: "Madziarczyk, Jonathan" <than () cityofevanston org>
Date: Tue, 2 Oct 2001 08:43:03 -0500
Woo Hoo! I'm rocking and rolling now... I cleared the user from the database and re-entered it (without my special characters "~") and I'm good to go now. Thanks for all your help. JonM -----Original Message----- From: sandro.poppi () wacker com [mailto:sandro.poppi () wacker com] Sent: Tuesday, October 02, 2001 12:38 AM To: than () cityofevanston org; snort-users () lists sourceforge net Subject: AW: (Snort-users) multiple snorts to 1 mysql database Hi, I just ran into the same prob. My solution was to delete the user and inserted it again using the following commands, but be careful if there are more users with the given hostname you have to specify a additional where clause on the delete statement: $ mysql -u root mysql mysql> delete from user where Host='host.domain.com'; mysql> insert into user (Host,User,Password) values('home.domain.com','snort',PASSWORD('NOT')); mysql> flush privileges; HTH Regards, Sandro
-----Ursprüngliche Nachricht----- Von: "Madziarczyk Jonathan" <than () cityofevanston org> at internet Gesendet: Montag, 1. Oktober 2001 17:42 An: snort-users () lists sourceforge net at Internet Betreff: [Snort-users] multiple snorts to 1 mysql database Hi all, I'm currently attempting to log a *nix snort box to a Win2k box running snort/mysql/acid. I am able to successfully log to mysql locally on the win2k box thanks to the directions provided by Silicon Defense. I have compiled snort on the *nix box --with-mysql=pathtomysql (I didn't really install mysql completely since I'm not logging to the local box, but it went through with no errors) and have the following statement in my snort.conf: output database: log, mysql, user=snort password=NOT dbname=snort sensor_name=linux host=10.1.4.150 port=3306 I then went into mysql and added the user snort () host domain com to the database with the same permissions that snort@localhost had(I can see it if I do a "mysql> select * from user;") Makes sense to me so far. However, when I try to run snort, I get the following: .......edited for space....... Using LOCAL time database: compiled support for ( mysql ) database: configured to use mysql database: user = snort database: password is set database: database name = snort database: sensor name = linux database: host = 10.1.4.150 database: port = 3306 database: mysql_error: Access denied for user: 'snort () host domain com' (Using password: YES) Fatal Error, Quitting.. Does anyone have any ideas? Thanks, JonM _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: (Snort-users) multiple snorts to 1 mysql database Madziarczyk, Jonathan (Oct 02)
- <Possible follow-ups>
- RE: (Snort-users) multiple snorts to 1 mysql database Hawk X (Oct 02)