Snort mailing list archives

RE: remote sensor config

From: "Che Wan Zaharudin" <azhar () essasia net>
Date: Thu, 8 Apr 2004 10:54:04 +0800

Hi,

On your management server, grant permission to database for user 'my_username' to the database snort@127.0.0.1. Try 
this command:

mysql> grant all privileges on snort.* to myusername@127.0.0.1 identified by 'my_password';

Thanks.

-----Original Message-----
From: Zondlo, Zack [mailto:ZZondlo () acmail aclink org] 
Sent: Thursday, April 08, 2004 5:55 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] remote sensor config

hello all,
 
i am trying to get my remote sensor to report to my management server, so far with no luck. the management server is up 
with acid and snortcenter and running fine, with snort running and reporting fine as well. mysql client and snortcenter 
client are on the sensor; snortcenter works fine, i can stop and start the sensor from the management box, push rules 
etc . i have tried the following versions of the output line in snort.conf on the sensor server:
 
output database: alert, mysql, host=127.0.0.1 dbname=snort user=my_username password=my_password sensor_name=sensor, 
encoding ascii
 
output database: alert, mysql, host=10.100.1.240 dbname=snort user=my_username password=my_password sensor_name=sensor, 
encoding ascii
 
with the second one the sensor and the management server have a conversation of 10 packets going to port 3306 on the 
management server, which is correct. when snort starts, then nothing. the first config gets me nothing at all. 
snortcenter talks all the time on port 2525.
 
the documentation i've read says to use the first line listed. if this is correct, then how do i get the sensor to know 
where management is? basically, i guess, how do i get this to work?
 
thanks in advance,
zack
 
 
NHSXužډ.)ۢy
zTm't!:瞉'-+xwj[̵vhj؞vvw


*****Confidentiality Notice***************** 
This message contains confidential
information and is intended only for the 
individual named.If you are not the named
addressee you should not disseminate, 
distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if 
you have received this e-mail by mistake and
delete this e-mail from your system.
********************************************


*****Confidentiality Notice***************** 
This message contains confidential
information and is intended only for the 
individual named.If you are not the named
addressee you should not disseminate, 
distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if 
you have received this e-mail by mistake and
delete this e-mail from your system.
********************************************




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

remote sensor config Zondlo, Zack (Apr 07)
- <Possible follow-ups>
- RE: remote sensor config Che Wan Zaharudin (Apr 07)
  - RE: remote sensor config AJ Butcher, Information Systems and Computing (Apr 08)