Snort mailing list archives
RE: error with mysql
From: Tinsley Paul <Paul.Tinsley () HCAhealthcare com>
Date: Wed, 21 May 2003 09:14:34 -0500
You don't mention whether MySQL by itself works. If you try this:
mysql -u snort -h bugzilla.cnnic.net.cn -p12345678 snort
Does it log you in?
Also, in the ruletype redalert { ... } section you are missing the password.
-----Original Message-----
From: gaojiang [mailto:gaojiang () cnnic cn]
Sent: Monday, May 19, 2003 8:23 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] error with mysql
Hi, all
I installed snort-1.8.3 with mysql-8.23 on linux 8, but I encountered a
problem when trying the following command:
/opt/ids/bin/snort -c /opt/ids/etc/snort.d/snort.conf
Log directory = /var/log/snort
Initializing Network Interface eth1
--== Initializing Snort ==--
Decoding Ethernet on interface eth1
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /opt/ids/etc/snort.d/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
Fragment timeout: 60 seconds
Fragment memory cap: 4194304 bytes
Stream4 config:
Stateful inspection: ACTIVE
Session statistics: INACTIVE
Session timeout: 30 seconds
Session memory cap: 8388608 bytes
State alerts: INACTIVE
Scan alerts: ACTIVE
Log Flushed Streams: INACTIVE
No arguments to stream4_reassemble, setting defaults:
Reassemble client: ACTIVE
Reassemble server: INACTIVE
Reassemble ports: 21 23 25 53 80 143 110 111 513
Reassembly alerts: ACTIVE
Back Orifice detection brute force: DISABLED
Using LOCAL time
database: compiled support for ( mysql )
database: configured to use mysql
database: user = snort
database: database name = snort
database: host = bugzilla.cnnic.net.cn
database: password is set
database: sensor name = 159.226.7.50
database: sensor id = 1
database: schema version = 104
database: using the "log" facility
database: compiled support for ( mysql )
database: configured to use mysql
database: user = snort
database: database name = snort
database: host = bugzilla.cnnic.net.cn
database: sensor name = 159.226.7.50
database: mysql_error: Access denied for user: 'snort () bugzilla cnnic net cn' (Using password: NO)
Fatal Error, Quitting..
HERE IS PART OF THE CONFIGURE FILE OF SNORT
output database: log, mysql, user=snort dbname=snort host=bugzilla.cnnic.net.cn password=12345678
ruletype redalert
{
type alert
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort dbname=snort host=bugzilla.cnnic.net.cn
}
I CHANGED THE PASSWORD ABOVE TO AN INCORRECT ONE, AND IT SAYS:
database: mysql_error: Access denied for user: 'snort () bugzilla cnnic net cn' (Using password: YES)
WHY DOES IT SAY *NO* AT FIRST???
AS FOR MYSQL, I CREATED THE DATABASE AND TABLES WITH THE GUIDE OF SNORT
AND DID THE FOLLOWING:
mysql> use snort;
Database changed
mysql> GRANT all PRIVILEGES ON snort.* to snort () bugzilla cnnic net cn IDENTIFIED BY '12345678';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
AT FIRST I ONLY GRANTED INSERT AND SELECT TO SNORT, BUT THE PROBLEM STILL
EXISTS. SO I EXPANDED ITS PRIVILEGES.
HERE IS PART OF acid_conf.php
$alert_dbname = "snort";
$alert_host = "159.226.7.50";
$alert_port = "3306";
$alert_user = "snort";
$alert_password = "12345678";
/* Archive DB connection parameters */
$archive_dbname = "snort_archive";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "root";
$archive_password = "mypassword";
ANY SUGGESTIONS?
THANKS A LOT.
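The condition pointed out in the reply above (an `output database:` directive inside a `ruletype` block with no `password=` parameter, alongside a global one that has it) can be checked for mechanically. The following is an added example, not part of the original thread or of Snort; the function names are hypothetical, and the sample configuration, host name and password are constructed placeholders.

```python
import re

# Constructed sample modelled on the thread's config; host and password are placeholders.
SAMPLE_CONF = """\
output database: log, mysql, user=snort dbname=snort host=db.example.net password=EXAMPLE_PW
ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=snort dbname=snort host=db.example.net
}
# output database: alert, mysql, user=old dbname=old
"""

DIRECTIVE = re.compile(r"^output\s+database\s*:\s*(.*)$")
RULETYPE = re.compile(r"^ruletype\s+(\S+)")


def find_db_outputs(conf_text):
    """Return one dict per 'output database:' directive, global or inside a ruletype block."""
    results, scope, pending = [], "global", None
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("#"):          # whole-line comment
            continue
        m = RULETYPE.match(line)
        if m:
            pending = m.group(1)          # block opens at the next "{"
        if pending and line.endswith("{"):
            scope, pending = "ruletype " + pending, None
        elif line == "}":
            scope = "global"
        d = DIRECTIVE.match(line)
        if d:
            tokens = d.group(1).replace(",", " ").split()  # key=value items follow "log, mysql,"
            params = dict(t.split("=", 1) for t in tokens if "=" in t)
            results.append({"line": lineno, "scope": scope, "user": params.get("user"),
                            "has_password": bool(params.get("password"))})
    return results


def missing_password(conf_text):
    """Directives that would make the client connect with no password."""
    return [r for r in find_db_outputs(conf_text) if not r["has_password"]]


if __name__ == "__main__":
    for r in missing_password(SAMPLE_CONF):
        print(f"line {r['line']} ({r['scope']}): no password= for user {r['user']!r}")
```

Run against a real snort.conf by passing the file's contents to `missing_password()`; each reported line is a directive that would produce the "Using password: NO" failure shown in the startup log.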
