Snort mailing list archives
RE: RE: Snort
From: "Fallon, Benjamin" <bfallon () Businessedge com>
Date: Mon, 1 Jul 2002 08:50:45 -0400
I've had it working on MS 2k, w/IIS, ACID & MS-SQL. The ACID queries need work and you definitely need a pretty high end machine for the queries or you really need to keep up on cleaning up the database frequently. Other than that, everything works pretty well. Still trying to get it to not lose so many packets. Averages about 6% data loss over 100Meg pipe.

Ben

-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Saturday, June 22, 2002 12:40 AM
To: 'Don'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] RE: Snort

Don,

The only thing I don't like about MS-SQL is that you have to buy it, whereas MySQL is free. This would be the best way to go, or Oracle would even be better.

Michael Steele | System Engineer / System Administrator
mailto:michaels () silicondefense com
http://www.silicondefense.com

-----Original Message-----
From: Don [mailto:Don () WeberOnTheWeb com]
Sent: June 21, 2002 10:56 AM
To: Michael Steele; 'Ross Draper'
Subject: RE: [Snort-users] RE: Snort

Ross,

I'd like to try to do the same as you are doing, could you enlighten me on how you went about getting everything to MS-SQL. I'm taking my snort logging one step at a time right now, getting all the glitches out between steps until I get a good flow. My goal is to have everything on MS-SQL; currently I am just remote syslogging, and the syslog forwards to SQL.

I guess my question is, how do you like the setup you have/had, how did you like the Snort/mySQL/Acid/Apache system as you had it, and what are you hoping to accomplish by moving to MS-SQL/IIS. Do you have some ideas of using ASP pages to get reports?

I guess I'll have to set up a Snort/mySQL/Acid/Apache system to see what that takes, although I have no experience with Apache, then I'll try to port over to MS-SQL myself. I'm just kind of soliciting feedback on your experience I guess at this point. Sorry to ramble on, just interested in what you are doing here.

Don

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael Steele
Sent: Friday, June 21, 2002 10:03 AM
To: 'Ross Draper'
Cc: snort-users () lists sourceforge net
Subject: [Snort-users] RE: Snort

Ross,

Be sure to set the correct port option in your output database line for your MSSQL database. I believe the default is 3306 which is where MySQL sits, and there is one in your Acid configuration too.

I'm really running short on time and won't be back in until next Wednesday.

Would love to hear from you on this because I have never set this configuration up. Our programmer is the one who developed support in Acid for MSSQL, and has set it up, but I haven't had time to sit down with him and do it from scratch and write the docs.

-Michael

--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: Ross Draper [mailto:ross.draper () musicradio com]
Sent: Friday, June 21, 2002 8:43 AM
To: michaels () silicondefense com
Subject: Snort

Hi Michael

Sorry to bother you - I appreciate you must be up to your neck in people pestering you for help.

I recently deployed Snort/mySQL/Acid/Apache on a Windows 2k box, using your documentation (worked perfectly - many thanks!).

Due to the stresses placed on it I have now tried to move the database and web server functionality to a separate Windows 2000 box running MSSQL and IIS.

I have created the Table structure in Snort and went through your instructions on running Acid with mysql and IIS because I could not find any docs on deploying snort with mssql remote logging (and a little bit of ini file fiddling to get php to talk to mssql).

Things seem to be almost complete except for one small but vitally important problem - the damn thing won't log in!

Acid pops up the following message when trying to view reports:

Warning: MS SQL message: Login failed for user 'snort'. (severity 14) in c:\snort\adodb\adodb-mssql.inc.php on line 145
Warning: MS SQL: Unable to connect to server: localhost in c:\snort\adodb\adodb-mssql.inc.php on line 145
Error (p)connecting to DB : snort@localhost
Check the DB connection variables in acid_conf.php
= $alert_dbname : MySQL database name where the alerts are stored
= $alert_host : host where the database is stored
= $alert_port : port where the database is stored
= $alert_user : username into the database
= $alert_password : password for the username
Database ERROR:Login failed for user 'snort'.

I've reset the passwords, wondered if snort was trying to log in with the user name of "snort@localhost" so created this login as well as simply "snort". Double checked the ini file and have come to the conclusion that I am simply stupid.

Any ideas?

Kind Regards
Ross

************************************************************************
GWR on the Web
http://www.koko.com
http://www.classicfm.com
http://www.corefreshhits.com
http://www.planetrock.com
http://www.opusonline.co.uk
http://www.gwrgroup.com

CONFIDENTIALITY NOTICE
The information in this e-mail and any attachments to it is confidential and may be legally privileged or prohibited from disclosure and unauthorised use. If you are not the intended recipient, any use, copying, disclosure, modification, distribution and/or publication of this message or its attachments (if any) is prohibited and may be unlawful. We will not accept liability for any claims arising as a result of the use of the internet to transmit information by or to GWR Group plc.
************************************************************************

-------------------------------------------------------
Sponsored by: ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
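
The port advice in the thread above can be checked mechanically. The following is an added example, not part of any poster's message and not code from Snort or ACID: it compares the sensor's output database line with the $alert_* variables in acid_conf.php. The key=value layout of the output database line, the sample values, and the function names are assumptions constructed for illustration; 1433 is SQL Server's default TCP port.

```python
import re

MYSQL_DEFAULT_PORT = 3306   # the port the thread says MySQL sits on
MSSQL_DEFAULT_PORT = 1433   # SQL Server's default TCP port

# Constructed sample inputs (placeholders, not taken from the thread).
SNORT_CONF = """\
output database: log, mssql, dbname=snort user=snort password=CHANGEME host=dbhost port=3306
"""
ACID_CONF = """\
<?php
$alert_dbname   = "snort";
$alert_host     = "localhost";
$alert_port     = "3306";
$alert_user     = "snort";
$alert_password = "CHANGEME";
"""

def parse_snort_output(conf):
    """Return (db_type, params) from the first 'output database:' line."""
    for line in conf.splitlines():
        m = re.match(r"\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)", line)
        if m:
            params = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
            return m.group(2).lower(), params
    raise ValueError("no 'output database:' line found")

def parse_acid_conf(php):
    """Return the $alert_* string assignments from acid_conf.php as a dict."""
    return dict(re.findall(r'^\s*\$(alert_\w+)\s*=\s*"([^"]*)"\s*;', php, re.M))

def check(snort_conf, acid_conf):
    """List port and database-name problems across both configuration files."""
    db_type, snort = parse_snort_output(snort_conf)
    acid = parse_acid_conf(acid_conf)
    findings = []
    for side, port in (("snort.conf", snort.get("port")), ("acid_conf.php", acid.get("alert_port"))):
        if db_type == "mssql" and port and int(port) == MYSQL_DEFAULT_PORT:
            findings.append(f"{side}: port {port} is the MySQL default, MSSQL listens on {MSSQL_DEFAULT_PORT}")
    if snort.get("dbname") != acid.get("alert_dbname"):
        findings.append(f"dbname differs: {snort.get('dbname')!r} vs {acid.get('alert_dbname')!r}")
    return findings

if __name__ == "__main__":
    for finding in check(SNORT_CONF, ACID_CONF):
        print(finding)
```

The host values are deliberately not compared, since the sensor logs to a remote database while ACID may run on the database host itself.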