Snort mailing list archives

Snort not working with mysql on a redhat machine


From: "Thomas Los" <tlos () trondent com>
Date: Thu, 4 Dec 2003 10:30:30 -0600

Hey guys, I am using Redhat 8.0 and using Snort 2.0.5. I am using MySQL
server version 3.23.52. When I issue mysql I can connect to the SQL server,
and I've gone ahead and made the user account for snort and assigned it a
password. I also went ahead and made a username and password for acid as
well. MySQL is configured like so:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

[mysql.server]
user=mysql
basedir=/var/lib

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid


So when I was configuring snort, I used the configure option
of -with-mysql=/var/lib/mysql. It compiled properly, and so the next thing
I had to do was specify the mysql connection in my snort config file. I was
using a guide for this and might have made an error; the line that specifies
the sql in my snort config looks like this. Now mind you, I got this from a
RedHat book. I'm used to working with snort on FreeBSD and have to work
with some redhat servers at work... (ugh).

  --->   output database: log, mysql, user=snort password=snortsnarf dbname=snort_db host=localhost   <---

When I try to run snort like I usually do, snort starts up and shows mysql
but it says,

Using LOCAL time
database: compiled support for ( )
database: configured to use mysql
database: 'mysql' support is not compiled into this build of snort

ERROR: If this build of snort was obtained as a binary distribution (e.g.,
rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.

If this build of snort was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..
[root@powell snort]#


Now I'm wondering, what the hell am I doing wrong? I am assuming the output
line must be wrong and wanted to ask you guys for general guidance on how I
can get past this little hurdle.


The last thing I'm wondering: can I get snort to log to both syslog,
/var/log/snort/ and to the MySQL database?

Thanks to all for any kind of help or guidance.

Tom.Los
Network Systems Support
Trondent Development Services Corp
Http://www.trondent.com
