Snort mailing list archives

RE: trouble connecting barnyard to a remote mysql database.

From: Timothy W Morrison <morriswt () us ibm com>
Date: Mon, 7 Jun 2004 15:36:29 -0500

Lance,
Thanks, I changed the IP to 127.0.0.1 and barnyard now logs to the remote 
database. The problem I am having now is that even though there is data in 
the remote database, ACiD is showing 0 Alerts. Do you have any ideas on 
that problem?

Regards,
Tim Morrison.




"Lance Boon" <lboon () firststatebanksw com> 
Sent by: snort-users-admin () lists sourceforge net
06/07/2004 02:58 PM

To
<snort-users () lists sourceforge net>
cc

Subject
RE: [Snort-users] trouble connecting barnyard to a remote mysql database.






First thing I would try is make sure that you can connect to your remote 
mysql server from your client. mysql –hx.x.x.x –usnort –p. The first error 
that you get is understandable because you aren’t running mysql server on 
your client. The 2nd looks to me like mysql isn’t running on the host you 
had specified or it couldn’t resolve your “server-name.com” to an ip. 
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net 
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Timothy W 
Morrison
Sent: Monday, June 07, 2004 1:34 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] trouble connecting barnyard to a remote mysql 
database.
 

Hello, 
I am currently having problems getting barnyard to log to a remote mysql 
database. My barnyard configuration file has the proper line uncommented 
to allow for logging to the remote mysql database. 

In /var/log/messages I get two errors: 

1) Jun  7 11:52:04 snortlog barnyard: FATAL ERROR: Failed to connect to 
database snort:XXXXXXXX@localhost/snort: Can't connect to local MySQL 
server through socket '/var/lib/mysql/mysql.sock' (2) 

That is what I get when I set the hostname to localhost. 

2)Jun  7 11:36:43 snortlog barnyard: FATAL ERROR: Failed to connect to 
database snort:XXXXXXXX () server-name com:3306/snort: Unknown MySQL Server 
Host 'server-name.com:3306' 

I get #2 when I use the actual hostname/IP of the server that has the 
MySQL database on it. 

Additional Information: 

I have port 3306 forwarded to the MySQL server. Is this necessary? Also, I 
have setup the proper priviliges for the MySQL user to log in from any 
host. My question is: What do I put for the hostname in the barnyard.conf 
file? 

Currently my output plugin for barnyard looks like: 

output alert_acid_db: mysql, sensor_id 1, database snort, server 
localhost, user *****, password ******** 

I appreciate your time and help. 

Thanks! 

Tim Morrison

Current thread:

trouble connecting barnyard to a remote mysql database. Timothy W Morrison (Jun 07)
- <Possible follow-ups>
- RE: trouble connecting barnyard to a remote mysql database. Lance Boon (Jun 07)
  - RE: trouble connecting barnyard to a remote mysql database. Timothy W Morrison (Jun 07)