Snort mailing list archives

RE: remote sensor config


From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Thu, 08 Apr 2004 08:45:09 +0100



--On 08 April 2004 10:54 +0800 Che Wan Zaharudin <azhar () essasia net> wrote:

Hi,

On your management server, grant permission to database for user
'my_username' to the database snort@127.0.0.1. Try this command:

mysql> grant all privileges on snort.* to myusername@127.0.0.1 identified
by 'my_password';

ITYM:

grant all privileges on snort.* to my_username@sensor.ip.addr.ess identified by 'my_password';

...since the sensor.ip.addr.ess will be the source address of any database connections initiated by Snort.

Incidentally, snort doesn't require all privs; INSERT, SELECT, UPDATE should be sufficient, I think.

Thanks.

Best Regards,
Alex.


-----Original Message-----
From: Zondlo, Zack [mailto:ZZondlo () acmail aclink org]
Sent: Thursday, April 08, 2004 5:55 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] remote sensor config

hello all,

i am trying to get my remote sensor to report to my management server, so
far with no luck. the management server is up with acid and snortcenter
and running fine, with snort running and reporting fine as well. mysql
client and snortcenter client are on the sensor; snortcenter works fine,
i can stop and start the sensor from the management box, push rules etc.
i have tried the following versions of the output line in snort.conf on
the sensor server:
output database: alert, mysql, host=127.0.0.1 dbname=snort
user=my_username password=my_password sensor_name=sensor, encoding ascii
output database: alert, mysql, host=10.100.1.240 dbname=snort
user=my_username password=my_password sensor_name=sensor, encoding ascii
with the second one the sensor and the management server have a
conversation of 10 packets going to port 3306 on the management server,
which is correct. when snort starts, then nothing. the first config gets
me nothing at all. snortcenter talks all the time on port 2525.
the documentation i've read says to use the first line listed. if this is
correct, then how do i get the sensor to know where management is?
basically, i guess, how do i get this to work?
thanks in advance,
zack




*****Confidentiality Notice*****************
This message contains confidential
information and is intended only for the
individual named.If you are not the named
addressee you should not disseminate,
distribute or copy this e-mail.  Please
notify the sender immediately by e-mail if
you have received this e-mail by mistake and
delete this e-mail from your system.
********************************************






-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op?
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list




--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
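
Added example (not part of the original messages): the host-scoped, reduced-privilege account the reply describes, written for current MySQL, where the account is created with CREATE USER before GRANT. The sensor address 192.0.2.10 is a constructed placeholder, and the INSERT, SELECT, UPDATE set is the one the reply suggests, not a verified minimum.

```sql
-- Run on the management server as a MySQL administrator.
-- 192.0.2.10 is a placeholder for the sensor's source address as mysqld sees it.

-- 1. See which host each existing account is bound to. An account bound
--    to 127.0.0.1 only matches connections made from the server itself,
--    so a remote sensor can never authenticate with it.
SELECT user, host
FROM mysql.user
WHERE user IN ('my_username', 'myusername');

-- 2. Create the account for the sensor's address only (no '%' wildcard).
CREATE USER 'my_username'@'192.0.2.10' IDENTIFIED BY 'my_password';

-- 3. Grant only the privileges suggested in the reply, on the snort schema only.
GRANT INSERT, SELECT, UPDATE ON snort.* TO 'my_username'@'192.0.2.10';

-- 4. Confirm what the account actually holds.
SHOW GRANTS FOR 'my_username'@'192.0.2.10';

-- 5. Audit: accounts on the snort schema that accept connections from any
--    host, or that hold destructive or administrative privileges.
SELECT user, host, db, delete_priv, drop_priv, alter_priv, grant_priv
FROM mysql.db
WHERE db = 'snort'
  AND (host = '%'
       OR 'Y' IN (delete_priv, drop_priv, alter_priv, grant_priv));
```

With the account in place, the sensor's output database line has to name the management server (host=10.100.1.240 in the question), since 127.0.0.1 on the sensor points at the sensor itself.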





