Snort mailing list archives
RE: remote sensor config
From: "Che Wan Zaharudin" <azhar () essasia net>
Date: Thu, 8 Apr 2004 10:54:04 +0800
Hi, On your management server, grant permission to database for user 'my_username' to the database snort@127.0.0.1. Try this command: mysql> grant all privileges on snort.* to myusername@127.0.0.1 identified by 'my_password'; Thanks. -----Original Message----- From: Zondlo, Zack [mailto:ZZondlo () acmail aclink org] Sent: Thursday, April 08, 2004 5:55 AM To: snort-users () lists sourceforge net Subject: [Snort-users] remote sensor config hello all, i am trying to get my remote sensor to report to my management server, so far with no luck. the management server is up with acid and snortcenter and running fine, with snort running and reporting fine as well. mysql client and snortcenter client are on the sensor; snortcenter works fine, i can stop and start the sensor from the management box, push rules etc . i have tried the following versions of the output line in snort.conf on the sensor server: output database: alert, mysql, host=127.0.0.1 dbname=snort user=my_username password=my_password sensor_name=sensor, encoding ascii output database: alert, mysql, host=10.100.1.240 dbname=snort user=my_username password=my_password sensor_name=sensor, encoding ascii with the second one the sensor and the management server have a conversation of 10 packets going to port 3306 on the management server, which is correct. when snort starts, then nothing. the first config gets me nothing at all. snortcenter talks all the time on port 2525. the documentation i've read says to use the first line listed. if this is correct, then how do i get the sensor to know where management is? basically, i guess, how do i get this to work? thanks in advance, zack NHSXužډ.)ۢy zTm't!:瞉'-+xwj[̵vhj؞vvw *****Confidentiality Notice***************** This message contains confidential information and is intended only for the individual named.If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. ******************************************** *****Confidentiality Notice***************** This message contains confidential information and is intended only for the individual named.If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. ******************************************** ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- remote sensor config Zondlo, Zack (Apr 07)
- <Possible follow-ups>
- RE: remote sensor config Che Wan Zaharudin (Apr 07)
- RE: remote sensor config AJ Butcher, Information Systems and Computing (Apr 08)