Snort mailing list archives

Re: Snort logging to encrypted MySQL (ssl) server?


From: David DeCoster <decoster () engr wisc edu>
Date: Tue, 04 Nov 2003 11:30:02 -0600

I have the SSH tunneling working, but I was just trying to find out if
there was a way to make snort work with the SSL features in MySQL 4. 
That way, I can eliminate another point of failure if SSH dies for some
reason.

Does anyone know if there is a patch available for the spo_database
plugin to make encrypted MySQL work?

Thanks again,

-dave

On Tue, 2003-11-04 at 05:05, jon baer wrote:
you could try to install ssh on the server/client and tunnel the traffic ...

ssh -L 3306:server.com:3306 user@server.com

then change your snort.conf to point to localhost ... i think the problem is
just that the plugin does not handle ssl correctly.

- jon

----- Original Message -----
From: "David DeCoster" <decoster () engr wisc edu>
To: <snort-users () lists sourceforge net>
Sent: Tuesday, November 04, 2003 11:33 AM
Subject: [Snort-users] Snort logging to encrypted MySQL (ssl) server?


Hello all--

I have a question that is driving me nuts.  I have a remote snort sensor
(running ver. 2.0.2 on Debian testing) that I need to have log to a
MySQL database in my office (also on Debian testing and MySQL is version
4.0.3).

The sensor needs to send the MySQL traffic over a hostile network (aka.
one I do not control), so I do not want the mysql traffic sent in the
clear.

I have MySQL 4.0.3 installed on the sensor (client, libraries, and
headers) and the database computer.  I enabled SSL (X.509 certificates)
on the MySQL server and I am able to get an encrypted connection back to
the database server using the command-line 'mysql' command.

When I tried to make this work with snort, it failed and I was not able
to log in to the MySQL database (and snort rolls over and dies).

Does anyone have any ideas on how to make snort log to MySQL with SSL?
I've tried recompiling snort with the MySQL libraries and includes from
4.0.3, but nothing seems to work.

-- 
David DeCoster <decoster () engr wisc edu>
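
The tunnel approach from the quoted reply, as an added example that is not part of the original thread: a supervised forward that restarts if SSH exits, plus a helper that prints snort.conf with the `output database:` line pointed at the tunnel. It assumes key-based login for `user`, a recent OpenSSH client, and a constructed snort.conf layout; the function names and the restart delay are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the thread): keep the SSH forward alive and
# point Snort's database output at it.
TUNNEL_HOST="user@server.com"   # from the thread's ssh command
REMOTE_DB="server.com:3306"     # forward destination used in the thread
LOCAL_PORT=3306                 # local end of the forward

# Print snort.conf ($1) with host=/port= on active "output database:" lines
# replaced by the tunnel endpoint. 127.0.0.1 is used rather than "localhost"
# because the MySQL client library treats "localhost" as a Unix-socket
# connection, which would never reach the forwarded TCP port.
point_snort_at_tunnel() {
    sed -E \
        -e '/^[[:space:]]*output[[:space:]]+database:/!b' \
        -e 's/[[:space:]]+(host|port)=[^[:space:]]+//g' \
        -e "s/[[:space:]]*\$/ host=127.0.0.1 port=${2:-$LOCAL_PORT}/" \
        "$1"
}

# Run the forward in the foreground and restart it whenever it exits, so a
# dropped SSH session does not silently stop alert logging.
run_tunnel() {
    while true; do
        # BatchMode: never block on a password prompt.
        # ExitOnForwardFailure: exit (and retry) if the local port cannot bind.
        # ServerAlive*: detect a dead peer in about 45 seconds.
        ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
            -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
            -L "127.0.0.1:${LOCAL_PORT}:${REMOTE_DB}" "$TUNNEL_HOST"
        echo "tunnel exited with status $?; restarting in 5s" >&2
        sleep 5
    done
}

# Nothing runs unless a subcommand is given.
case "${1:-}" in
    run)    run_tunnel ;;
    config) point_snort_at_tunnel "${2:?usage: $0 config /path/to/snort.conf}" ;;
esac
```

Review the output of the `config` subcommand before replacing the live snort.conf; the MySQL traffic is protected only between the sensor and the SSH endpoint.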


