RE: Mysql question

[David Markle <davidmarkle () comcast net>]

A couple of things could be hassling you.

The first this is to validate that the snort RPM you got was compiled
with --with-mysql=<dir>.  If it was not, thats your problem.  If it was in
there, then:

I do not want to insult your intelligence, but there could be several minor
things wrong here.  I am just guessing though.

1. Assuming by the host=10.1.10.2 its a remote mysql db ???  If not use
host=localhost.
2. Make sure that the DB "SNORT" you created in mysql is correct.  MySQL is
case sensitive !!
3. I also assume that you created a user in mysql called "snort" with a
password of "snort".  If not, you'll need to use the default root acct in
mysql.
4. ACID also needs some mysql configuration modifications for the front end
to work properly.

My Snort output plug for mysql is as follows:
output database: log, mysql, user=root password=<mypasswd> dbname=snort
host=localhost encoding=hex detail=Full

Hope this helps.

-----Original Message-----
From: Jared Raddigan [mailto:jraddigan () kfh org]On Behalf Of
jared () kfh org
Sent: Friday, April 25, 2003 4:54 PM
To: davidmarkle () comcast net
Subject: RE: [Snort-users] Mysql question


Oops I thought I put that in. Here is my snort.conf file settings:

output database: log, mysql, user=snort password=snort dbname=SNORT
host=10.1.10.2

Everything else is was left pretty much default.

Thanks,

Jared

-----Original Message-----
From: David Markle [mailto:davidmarkle () comcast net]
Sent: Friday, April 25, 2003 1:21 PM
To: jared () kfh org; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Mysql question


What is you output plugin line for database giving this error ???

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of
jared () kfh org
Sent: Friday, April 25, 2003 4:08 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Mysql question


I am trying to get snort to work with mysql.

I am running
RH9.0
mysql-3.23.54a-11
mysql-devel-3.23.54a-11
snort-1.9.1-1snort
snort-mysql-1.9.1-1snort

With everything installed from RPM's. Snort seems to be working good until
modify the snort.conf file to have this:

WARNING: unknown output plugin: 'database'1310 Snort rules read...
1310 Option Chains linked into 139 Chain Headers
0 Dynamic rules



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users