Snort mailing list archives
Re: Snort loggin into MySQL
From: "Warrick FitzGerald" <wfitzgerald () livetechnology com>
Date: Sat, 19 Jan 2002 18:37:44 -0500
Thanks Guys, That worked great :) ----- Original Message ----- From: "Chris Keladis" <Chris.Keladis () cmc cwo net au> To: "Warrick FitzGerald" <wfitzgerald () livetechnology com> Cc: <snort-users () lists sourceforge net> Sent: Saturday, January 19, 2002 6:22 PM Subject: Re: [Snort-users] Snort loggin into MySQL
Hi Warrick, Grant access to your sensor as follows (from a mysql 'root' session): GRANT SELECT,INSERT on snort.* to sniff@localhost identified by 'mypassword'; Naturally change mypassword to something only you know. Ensure you also do (newer mysqls dont need this i think): mysql> flush privileges; Regards, Chris. Warrick FitzGerald wrote:Hi All, Im no MySQL fundie, but I created a user "sniff" in MySQL, and do not
seem
to be able to get snort to start up with these cridentials. I get the following error ....--------------------------------------------------------------------------
--
-- database: compiled support for ( mysql postgresql ) database: configured to use mysql database: user = sniff database: password is set database: database name = snort database: host = localhost database: sensor name = 10.10.52.23 database: mysql_error: Access denied for user: 'sniff@localhost' (Using password: YES) Fatal Error, Quitting..--------------------------------------------------------------------------
--
-- Any ideas ? Thanks Warrick ----- Original Message ----- From: "Ronneil Camara" <ronneilc () remingtonltd com> To: <snort-users () lists sourceforge net> Sent: Saturday, January 19, 2002 2:51 PM Subject: [Snort-users] about pass rule Is it just replacing the word "alert" with "pass" so that it ignores the attack? Example. alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS cmd.exe access"; flags: A+; content:"cmd.exe"; nocase; classtype:web-application -attack; sid:1002; rev:2;) will become pass tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS cmd.exe access"; flags: A+; content:"cmd.exe"; nocase; classtype:web-application -attack; sid:1002; rev:2;) -o is also needed. :-) Thanks. Neil _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- about pass rule Ronneil Camara (Jan 19)
- Snort loggin into MySQL Warrick FitzGerald (Jan 19)
- Re: Snort loggin into MySQL Chris Keladis (Jan 19)
- Re: Snort loggin into MySQL Warrick FitzGerald (Jan 19)
- Re: Snort loggin into MySQL Chris Keladis (Jan 19)
- Snort loggin into MySQL Warrick FitzGerald (Jan 19)