Snort mailing list archives

RE: Snort-users digest, Vol 1 #2779 - 8 msgs


From: "Ross, Darren" <Darren.Ross () pantellos com>
Date: Mon, 10 Feb 2003 20:54:20 -0600

There is an issue with Red Hat 7.3 where some versions of MySQL will not allow for anything but local connections to it. 
This normally happens after you run the up2date program. If you can connect with the user@127.0.0.1 but cannot connect 
to the same DB from a remote machine, search the Red Hat site. There is a white paper on increasing the mem that MySQL 
uses. It is a workaround but worked for me.

-----Original Message-----
From: snort-users-request () lists sourceforge net
[mailto:snort-users-request () lists sourceforge net]
Sent: Monday, February 10, 2003 8:37 PM
To: snort-users () lists sourceforge net
Subject: Snort-users digest, Vol 1 #2779 - 8 msgs


Send Snort-users mailing list submissions to
        snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
        snort-users-request () lists sourceforge net

You can reach the person managing the list at
        snort-users-admin () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


Today's Topics:

   1. Re: Arguments for Snort (twig les)
   2. Re: Access denied for user: '@192.168.0.1' -SNORT- (mike Hughes)
   3. Re: Access denied for user: '@192.168.0.1' -SNORT- (twig les)
   4. RE: Access denied for user: '@192.168.0.1' -SNORT- (Schmehl, Paul L)
   5. Re: Access denied for user: '@192.168.0.1' -SNORT- (mike Hughes)
   6. Recomile Snort  with Mysql+flexresp (ms dhiraj )
   7. Re: Access denied for user: '@192.168.0.1' -SNORT- (twig les)
   8. Re: Access denied for user: '@192.168.0.1' -SNORT- (Kenneth G. Arnold)

--__--__--

Message: 1
Date: Mon, 10 Feb 2003 15:19:51 -0800 (PST)
From: twig les <twigles () yahoo com>
Subject: Re: [Snort-users] Arguments for Snort
To: snort-users () lists sourceforge net

I don't know much about ISS but I am evaluating my second
proprietary NIDS and neither lets me look at the sigs.  If ISS
hides the sigs as well then I would say very mean things to the
console as I tried to investigate alerts, kind of like I will do
later today with our commercial NIDS.  If you can't see *the
actual signature* (not a description of it) then fsck it.

Also snort is so flexible that you can do anything you want with
it provided you know a little unix and some scripting.  I have
yet to be impressed with the convoluted approach taken by the
two vendors I have evaluated and their psycho GUIs from
h-e-double-hockey-stick.  Having to create multiple layers of
objects via a GUI to assign the IP address so you can SSH in
just plain sucks.  And, as you pointed out, they are slooow.

Then again I hate when people try and hold my hand so I'm biased
against these clunky "enterprise" contracts.  Snort can scale
quite nicely in the enterprise thank you kindly.  Sorry for the
rant, your question hit a raw nerve.

--- tfandango <tfandango () yahoo com> wrote:
Hi All-

I work for a large company in their IDS department. 
There are a lot of cutbacks going on and the consensus
is that we will probably drop some of our ISS licenses
this year.  Some of our senior members are running
around complaining that we will lose IDS coverage yada
yada yada.

I see this as a wonderful opportunity to deploy snort
boxes instead as I haven't been too fond of ISS's
tools and frankly I find some of their licenses
insulting.

My problem is that this company is very resistant to
change and especially change with open source
applications (Some of our members specialize in FUD). 
Just wanted to know how Snort compares to ISS on a
technical standpoint.  Is there really any advantage
to using ISS over Snort besides the fancy and very
slow GUI interfaces?  I plan to present this to my
manager.

Thanks...
T.



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something
2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------



--__--__--

Message: 2
From: "mike Hughes" <mikehughes013 () hotmail com>
To: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT-
Date: Mon, 10 Feb 2003 15:27:39 -0800

OK, from my "Windows machine (management)" I ran these commands and here is 
the output:

C:\mysql\bin>mysql -u sensor1 -p snort
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 3.23.55-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> SHOW DATABASE
   ->

mysql> SHOW GRANTS
   ->

This shouldn't be like this, I'm guessing? ;( How can I fix this?

From: "Kenneth G. Arnold" <bkarnold () cbu edu>
To: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] Access denied for user: '@192.168.0.1'  -SNORT-
Date: Mon, 10 Feb 2003 15:38:35 -0600

It looks like the host where this snort process is trying to run does not 
have write access to the mysql database located at 192.168.0.69 connecting 
as user sensor1.  Is 192.168.0.1 the host where snort is actually running?  
I am confused as to why the error message doesn't mention user 
sensor1@192.168.0.1 if that is the case.  There doesn't appear to be a user 
specified in the error message yet the log shows that it knows the user is 
sensor1.  Anyway, you need to make sure that the MySQL database has write 
permission for user sensor1 connecting from 192.168.0.1 (or wherever your 
snort machine is located).  Page 19 of the Snort Installation Manual for 
Snort, MySQL and ACID on Redhat 7.3 describes how to do this for a user 
snort from both the localhost and from all hosts. I would recommend that 
you only allow access from the specific hosts that need it. That 
documentation is located at 
http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf

Ken

At 12:46 PM 2/10/03 -0800, mike Hughes wrote:
What's up guys... I am following this as my reference:
http://www.sans.org/rr/intrusion/practical_guide.php
I'm on the second-to-last step and am stuck and can't figure it out... I'm a 
noob to MySQL too. I'm getting this error:
database: mysql_error: Access denied for user: '@192.168.0.1' to database 'snort'
Fatal Error, Quitting..






--__--__--

Message: 3
Date: Mon, 10 Feb 2003 16:11:41 -0800 (PST)
From: twig les <twigles () yahoo com>
Subject: Re: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT-
To: mike Hughes <mikehughes013 () hotmail com>, Snort-users () lists sourceforge net

 mysql> SHOW GRANTS
 ->

You need to put a semicolon at the end of the command:

show grants;

MySQL gives you a "->" when you don't so you can run multiple
arguments on separate lines:

 mysql> SELECT *
 -> from iphdr
 -> where .....;





=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------



--__--__--

Message: 4
Subject: RE: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT-
Date: Mon, 10 Feb 2003 18:16:53 -0600
From: "Schmehl, Paul L" <pauls () utdallas edu>
To: "mike Hughes" <mikehughes013 () hotmail com>,
        <Snort-users () lists sourceforge net>

mysql> SHOW DATABASE
    ->
    xxxx
The -> is telling you that the command isn't finished.  You need a
semi-colon.  Also, it's DATABASE*S*, not DATABASE.

 mysql> show DATABASES;
+---------------------+
| Database            |
+---------------------+
| mysql               |
| snort               |
| snort_archive_FEB03 |
+---------------------+
3 rows in set (0.00 sec)

What is "SHOW GRANTS"?  The proper command is "SHOW GRANTS for
xxx$hostname", for example:

mysql> SHOW GRANTS FOR root@localhost
    -> ;
+-------------------------------------------------------------------------------------------------------+
| Grants for root@localhost                                                                             |
+-------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'xxxxxxxx' WITH GRANT OPTION |
+-------------------------------------------------------------------------------------------------------+
1 row in set (0.01 sec)

There is an excellent online manual at
http://www.mysql.com/doc/en/index.html.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member




--__--__--

Message: 5
From: "mike Hughes" <mikehughes013 () hotmail com>
To: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT- 
Date: Mon, 10 Feb 2003 16:48:05 -0800

HERE IS MY SETUP so you guys can see what I'm trying to do better:

--192.168.0.69
Windows machine running MySQL, ACID, Activeworx IDS (management machine)--

--192.168.0.1
This is my LAN interface on my Linux machine, eth1, GATEWAY for my LAN--

--142.178.22.12
This is my eth0 on my Linux machine, the interface connected to the 
internet--

I have not set anything on MySQL on my Linux machine; I just installed 
all the RPMs like the reference said--


OK, here is the output of the mysql commands on my Windows 
machine (192.168.0.69):

mysql> SHOW DATABASES;
+----------+
| Database |
+----------+
| mysql    |
| snort    |
| test     |
+----------+
3 rows in set (0.00 sec)

mysql> SHOW GRANTS FOR root@localhost
   -> ;
+---------------------------------------------------------------------+
| Grants for root@localhost                                           |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> SHOW GRANTS FOR sensor1@192.168.0.1
   -> ;
+--------------------------------------------------------------------------------------+
| Grants for sensor1@192.168.0.1                                                       |
+--------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO 'sensor1'@'192.168.0.1' |
+--------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql>

OK, when I connect to the Linux machine using PuTTY from my Windows management 
machine (192.168.0.69) using PuTTY port 22, I log on to eth0 on my Linux 
machine (142.178.22.12) as root, then run this command:

snort-mysql+flexresp -v -c /etc/snort/snort.conf

I get this error:


database: mysql_error: Can't connect to MySQL server on '192.168.0.69' (110)
Fatal Error, Quitting..

Can you see what's wrong yet with my settings?
So I hope that clears things up for you to see what I'm trying to do! 
Thanks for your help guys! ;)








--__--__--

Message: 6
Date: Tue, 11 Feb 2003 07:09:29 +0530
From: "ms dhiraj " <ms.dhiraj () iservindia com>
Reply-To: <ms.dhiraj () iservindia com>
To: <Snort-users () lists sourceforge net>
Subject: [Snort-users] Recomile Snort  with Mysql+flexresp

Hi,
I have a successful Snort installation (1.9) with MySQL support on RH7.2. I want to recompile Snort with the 
"flexresp"+"mysql_database" options enabled.
I have some reservations regarding the procedure.
I am not sure how to go about it safely, so that I don't ruin my existing setup.
Can somebody guide me to the proper procedure to recompile Snort with the 2 or more options enabled?

Regards,
Dhiraj.


--__--__--

Message: 7
Date: Mon, 10 Feb 2003 18:12:37 -0800 (PST)
From: twig les <twigles () yahoo com>
Subject: Re: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT- 
To: Snort-users () lists sourceforge net

A couple things strike me off the top of my head.  First thing
is that you should avoid giving the world your real IP address
with your system's config, all in one email.  Just call it
1.1.1.1 or something.

Another thing to try is to re-do the GRANT statement on the
windows box but add "identified by [password]".  I'm pretty sure
I got that syntax right, but you can find the right syntax in
the mysql manual if I didn't.  This might not be it but this is
what my SHOW GRANTS...; looks like:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY
PASSWORD 'foo-randomcrap' WITH GRANT OPTION

Then make sure snort's config isn't the problem by SSHing into
the linux box and using the mysql client alone to get in like
this:

mysql -h 192.168.1.10 -u root -p

One last thing is that you prolly don't want to start snort with
the -v option.



=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------



--__--__--

Message: 8
Date: Mon, 10 Feb 2003 20:35:57 -0600 (CST)
From: "Kenneth G. Arnold" <bkarnold () cbu edu>
To: mike Hughes <mikehughes013 () hotmail com>
cc: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT- 

OK now I am really confused.  You say that the eth0 interface of the linux
machine is connected to the internet, not the local LAN and that it has an
IP address of 142.178.22.12.  You say that the eth1 interface is connected
to the local LAN with an IP address of 192.168.0.1.  Then you say that
when you connect to the linux machine from the Windows machine you are
logging into the eth0 interface of 142.178.22.12.  Why aren't you logging
into the eth1 interface of 192.168.0.1? Isn't this your network?


Windows                             Linux


192.168.0.69 <----LAN--> 192.168.0.1<- -> 142.178.22.12<-Internet

MySQL,ACID, etc.         eth1        Snort     eth0

Ken





--__--__--



End of Snort-users Digest
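
The host-scoped grant that Ken recommends and that twig les suggests re-issuing with a password, written out with the checks that confirm it, as an added example that is not part of any message in the digest. It assumes the MySQL 3.23-series syntax and table layout of the server shown in the thread; the password is a placeholder and the snort.conf line at the end is an assumption, since the poster's config is not shown.

```sql
-- Added example, not from the thread. Run as a MySQL administrator on the
-- database host (192.168.0.69 in the thread). 'CHANGE_ME' is a placeholder.

-- 1. Scope the sensor account to the single address the sensor connects
--    from (192.168.0.1, the LAN interface of the Snort box) and give it a
--    password. The privilege list mirrors the SHOW GRANTS output posted in
--    the thread; it is not widened here.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE
    ON snort.*
    TO 'sensor1'@'192.168.0.1'
    IDENTIFIED BY 'CHANGE_ME';
FLUSH PRIVILEGES;

-- 2. Confirm what the server will enforce for that exact user/host pair.
SHOW GRANTS FOR 'sensor1'@'192.168.0.1';

-- 3. Audit for account rows broader than intended: anonymous users,
--    accounts allowed from any host, and accounts with no password.
SELECT Host, User
  FROM mysql.user
 WHERE User = '' OR Host = '%' OR Password = '';

-- 4. List every account that holds database-level rights on snort, so a
--    leftover wildcard-host entry for the sensor is visible.
SELECT Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv
  FROM mysql.db
 WHERE Db = 'snort';

-- Matching output line in snort.conf on the sensor (assumed values):
--   output database: log, mysql, user=sensor1 password=CHANGE_ME dbname=snort host=192.168.0.69
```

The grant only governs who may log in once a TCP connection exists; the "Can't connect to MySQL server ... (110)" error in Message 5 occurs before authentication, which is why twig les suggests testing with the mysql client from the Linux box first.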

