Configure MySQL for multiple snort sensors

["Joe Pampel" <joe () ardsley com>]

Hi - 

I've been trying to get multiple snort sensors to log to a mysql database, with no luck so far.
I edited the mysql ini file to show the database binding to the machine's IP (not localhost)
and using port 3306.  In snort.conf I use the same settings (database at that IP..)
and I created a user on the DB which takes the form of "sensorname@192.168.0.1". What I get
when I try to fire up the sensor is an error message which says 
"database: my_sql error: Access denied for user: 'sensorname@<ip address>' (Using password: YES)
Fatal Error. Quitting.

Now I have set passwords, I did create the user in MySQL.. (maybe I did it wrong?) I went through the Snort 
FAQ and found nothing on multiple sensor setups. (ideally I'd like to run 4 or more of them).

For now the system (snort/mysql/acid) is running under Win32 until I can get my 'nix up to speed. 
(I'm having trouble with the libpcap install ok?)  It runs great as one local sensor reporting to localhost,
but now I want *more*..  Anyhow I would imagine the config issue is common to both 
platforms. Any pointers, links to docs, cruel mocking laughter, etc all appreciated. If I find any 
I'll post them to the list.  I'm currently looking at http://www.mysql.com/doc/A/c/Access_denied.html 
and am hoping it will do the trick but am really hoping to find something snort specific.. 

TIA,

Joe

btw Snort with the ACID frontend has been a real lifesaver around here for me. One thing I didn't expect
from it was that it catches odd situations on my network and helps me proactively fix problems while they
are small.. a nice extra.. 


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users