Snort mailing list archives

RE: Snort WIN32 (Logging to UNIX MySQL DB) error


From: "Michael Steele" <michaels () silicondefense com>
Date: Fri, 18 Jan 2002 11:46:43 -0800

William,

I'm assuming you have multiple sensors and want to log to one database.
You also have 1 Windows box that you want to log to a MySQL database on
a UNIX box?

First, you need to install Snort for MySQL on the Windows machine and
set it up. In the conf file you need to direct Snort to use the database
on the UNIX box. If you have a static IP on your UNIX box, you can use
that. If you have DHCP then you will need to set up DNS on the UNIX box
to use names. Then you will need to give the proper permissions for the
user on the Windows box to MySQL on the UNIX box. I believe that is all
you need.

I may have left something out and if I did, maybe someone else can jump
in.

-Mike

Commercial Snort Support <<->> 1.866.41.SNORT
  Silicon Defense - www.silicondefense.com
    Home of the new SENTRUS Snort sensor!
  Michael Steele - Snort Support Technician
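
The setup described in the reply above, as an added example that is not part of the original thread: the MySQL grant for the Windows sensor's account on the UNIX server, with the matching `snort.conf` output line shown as a comment. The database name, account name, addresses (documentation range 192.0.2.0/24) and password are placeholders assumed for illustration.

```sql
-- Run on the UNIX MySQL server as an administrative user.
-- Assumed placeholders (not from the thread):
--   database        snort
--   sensor account  snort_win
--   Windows sensor  192.0.2.20
--   MySQL server    192.0.2.10
--   password        CHANGE_ME

-- Bind the account to the sensor's address so the credentials are not
-- accepted from any other host. If the sensor gets its address by DHCP,
-- use a resolvable host name here instead of the IP.
-- Assumption: INSERT and SELECT are enough for the logging account;
-- widen the grant only if the database plugin reports a permission error.
-- This is the GRANT ... IDENTIFIED BY form of MySQL releases of that era;
-- MySQL 8.0 and later require CREATE USER first, then GRANT without
-- the IDENTIFIED BY clause.
GRANT INSERT, SELECT
    ON snort.*
    TO 'snort_win'@'192.0.2.20'
    IDENTIFIED BY 'CHANGE_ME';

-- Confirm what the account can do and from where it can connect.
SHOW GRANTS FOR 'snort_win'@'192.0.2.20';
SELECT User, Host FROM mysql.user WHERE User = 'snort_win';

-- Matching output line in snort.conf on the Windows sensor
-- (one line; host is the UNIX box's static IP or DNS name):
--
--   output database: log, mysql, user=snort_win password=CHANGE_ME dbname=snort host=192.0.2.10
--
-- The password sits in snort.conf in clear text, so restrict read access
-- to that file to the account that runs Snort.
```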


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of William D.
Pool
Sent: Friday, January 18, 2002 9:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort WIN32 (Logging to UNIX MySQL DB) error

When I do test configuration, this is what I get. I've been to Silicon
Defense, but the docs all cover installing a full-blown IDS system.

I'm interested in two things:

How to Install Snort with MySQL support
Have Snort log to the UNIX DB.

Are there any docs or instructions for doing this simple task?

I got the UNIX part figured out, I'm not familiar with the Microsoft
stuff. Any advice / steps / procedures would be appreciated.


William D. Pool
www.icephyre.net
_____________________________________________
GPG Public ID: EE3D7A83                      |
PGP6 Public ID: 065DEF8B
----------------------------------------------
"Reality, is only fiction put into production"

---------- Forwarded message ----------
Date: Fri, 18 Jan 2002 10:06:05 -0600 (CST)
From: William D. Pool <locutus () icephyre net>
To: Michael Steele <michaels () silicondefense com>
Subject: RE: [Snort-users] Snort 183 Windows Binary (Flex+MySQL Support)

Okay, I'm getting another error it is:

WARNING: command line overrides rules file alert plugin
ERROR: Unable to open rules file: classification.config or
./classification.config

Fatal Error, Quitting..


The file is there and is read/writeable.  Other ideas?

This might sound dumb, but isn't there a way to just have the directory
have everything I need for 2K and just run snort.exe?

Thanks,


William D. Pool
www.icephyre.net
_____________________________________________
GPG Public ID: EE3D7A83                      |
PGP6 Public ID: 065DEF8B
----------------------------------------------
"Reality, is only fiction put into production"

On Wed, 16 Jan 2002, Michael Steele wrote:

William,

Remove the entire install of Snort and manually install each package. Be
absolutely sure that you have removed all of WinPcap prior to installing
the latest release, not the BETA! Check our site out for the complete
installation instructions for Windows.

-Mike

Commercial Snort Support <<->> 1.866.41.SNORT
  Silicon Defense - www.silicondefense.com
    Home of the new SENTRUS Snort sensor!
  Michael Steele - Snort Support Technician


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of William D.
Pool
Sent: Wednesday, January 16, 2002 9:39 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort 183 Windows Binary (Flex+MySQL Support)


I've downloaded the Windows binary for Snort 1.8.3 that includes Flexrp
and MySQL support.

I configure everything the way it's supposed to (or believe for this
program), but get the following error.

If anyone knows how to get past this I'd greatly appreciate the
knowledge. Thanks.

|> IDScenter test console <|
--Press ENTER after checking Snorts output --
Log directory = log

Initializing Network Interface \
ERROR: OpenPcap<> FSM compilation failed:
      Syntax error
PCAPM command: Files\Sourcefire\Snort\snort.conf -l C:\Program
Files\Sourcefire\Snort -A full -h any
Fatal Error, Quitting..


William D. Pool
www.icephyre.net
_____________________________________________
GPG Public ID: EE3D7A83                            |
PGP6 Public ID: 065DEF8B
----------------------------------------------
"Reality, is only fiction put into production"





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





