Snort mailing list archives

Re: OpenSSH question


From: twig les <twigles () yahoo com>
Date: Fri, 22 Nov 2002 10:39:52 -0800 (PST)

Actually I'm trying to get the new stunnel to work
right now for mysql.  The syntax for 4.x is completely
different than 3.x so I'm kind of taking it in the
teeth on this one (repeatedly).  I'll post the configs
soon I hope.  If anyone else has done this I'd gladly
steal their config files. :)


--- Skip Carter <skip () taygeta com> wrote:

trying to log snort alerts to a remote mysql db via openssh.  any ideas on
the configuration?

To port forward on a port over ssh, use something like the following from the
IDS:

 ssh -L XXXX:dbserver.mydomain.com:XXXX dbserver.mydomain.com

where XXXX is the mysql port number.

Then on the IDS connect to the database at XXXX on localhost.

The disadvantage of doing it this way is that it requires you to log in via
ssh to the database server from the IDS.  A more practical approach is to use
stunnel (http://www.stunnel.org/) to provide the equivalent without the ssh
login session.  The stunnel docs provide all the details.



-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip () taygeta com
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself                       
-----------------------------------------------------------
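
An added example, not part of the original posts: a stunnel 4.x configuration pair for the setup discussed above, carrying MySQL traffic from the IDS to dbserver.mydomain.com without an ssh login session. The tunnel port 3307, the file paths, and the use of MySQL's default port 3306 in place of XXXX are assumptions.

```ini
; ---- IDS side: /etc/stunnel/stunnel.conf (assumed path) ----
; Client mode: accept plaintext locally, speak SSL to the remote end.
client = yes
; Verify the server certificate against a trusted CA file (assumed path).
CAfile = /etc/stunnel/ca.pem
verify = 2

[mysql]
; Listen on loopback only so the cleartext side never leaves the IDS.
accept  = 127.0.0.1:3306
; 3307 is an assumed port for the SSL listener on the database server.
connect = dbserver.mydomain.com:3307

; ---- Database server side: /etc/stunnel/stunnel.conf (assumed path) ----
; Server mode is the default; cert holds the server certificate and key.
cert = /etc/stunnel/dbserver.pem

[mysql]
; SSL listener reachable from the IDS (assumed port).
accept  = 3307
; Hand decrypted traffic to the local mysqld (3306 is MySQL's default port).
connect = 127.0.0.1:3306
```

On the IDS, point the database client at 127.0.0.1 rather than localhost: MySQL client libraries treat localhost as a request for the local Unix socket, which bypasses the tunnel.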
