Snort mailing list archives
Re: Snort logging to encrypted MySQL (ssl) server?
From: David DeCoster <decoster () engr wisc edu>
Date: Tue, 04 Nov 2003 12:37:16 -0600
Yup, the ssl encrypted mysql connection works fine with the command line client (the "mysql -h foo.bar.com -u anyone -p") connects and passes encrypted data, just like the mysql documentation says it should. The only thing that caught me, was that I hadn't run the scripts to update the grant tables. After I did that, I just redid the grant for the snort user, added "REQUIRE SSL", created the appropriate certificates and the mysql client was happy. I then rebuilt the snort 2.0.2 (and now 2.0.3) with the newer mysql source (revision 4.0.3 according to debian's dpkg output) and what I see is this: ERROR: database: mysql_error: Access denied for user: \ 'snort () foo xxx wisc edu' (Using password: YES) When I remove the REQUIRE SSL, things are happy again and it connects to the database with no problems. Also, I strace'd the snort startup and the execution of the 'mysql' command and the mysql client looks for the ssl certificates, but snort does not (it just tries username/password). -dave On Tue, 2003-11-04 at 05:59, jon baer wrote:
do you have a normal ssl connection setup (like with the mysql client) that works correctly without using snort? it may be that you just need to recompile snort with that version of mysql (wild guess) ... but i know you would need to alter the grant tables as they do need ssl options: http://www.mysql.com/doc/en/Secure_GRANT.html im going to attempt this later to see if i can get it working as if only used ssh tunneling til now. - jon
-- David DeCoster <decoster () engr wisc edu> ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort logging to encrypted MySQL (ssl) server? David DeCoster (Nov 04)
- Re: Snort logging to encrypted MySQL (ssl) server? jon baer (Nov 04)
- Re: Snort logging to encrypted MySQL (ssl) server? David DeCoster (Nov 04)
- Re: Snort logging to encrypted MySQL (ssl) server? jon baer (Nov 04)
- Re: Snort logging to encrypted MySQL (ssl) server? David DeCoster (Nov 04)
- Re: Snort logging to encrypted MySQL (ssl) server? Frank Knobbe (Nov 04)
- Re: Snort logging to encrypted MySQL (ssl) server? David DeCoster (Nov 04)
- Re: Snort logging to encrypted MySQL (ssl) server? jon baer (Nov 04)
- Re: Snort logging to encrypted MySQL (ssl) server? Ben Nelson (Nov 04)
- Re: Snort logging to encrypted MySQL (ssl) server? omi (Nov 04)
- Re: Snort logging to encrypted MySQL (ssl) server? Dirk Geschke (Nov 05)
- <Possible follow-ups>
- RE: Snort logging to encrypted MySQL (ssl) server? PPowenski (Nov 05)
- Snort logging to encrypted MySQL (ssl) server? David DeCoster (Nov 05)
- Re: Snort logging to encrypted MySQL (ssl) server? boka (Nov 06)