Snort mailing list archives

RE: logging to a remote database with mudpit


From: "Lance Boon" <lboon () firststatebanksw com>
Date: Thu, 13 May 2004 12:08:05 -0500

Try this

GRANT INSERT,SELECT ON snort.* TO snort@'%' IDENTIFIED BY "password";

http://dev.mysql.com/doc/mysql/en/GRANT.html
http://dev.mysql.com/doc/mysql/en/Connection_access.html
http://dev.mysql.com/doc/mysql/en/Adding_users.html
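
An added example, not part of the original post: the grant above with its host part narrowed from '%' (any host) to the one sensor that needs access, plus the queries that show which account rows exist. The address 192.0.2.20 stands in for sensor2 and, like <password>, is a placeholder; the GRANT ... IDENTIFIED BY form is the one used in this thread.

```sql
-- Added example (not from the thread). 192.0.2.20 is a placeholder for
-- sensor2's address; replace it and <password> with real values.

-- 1. See which host patterns the snort account already has.
SELECT User, Host FROM mysql.user WHERE User = 'snort';

-- 2. Broad form from the reply above: '%' accepts a connection from any host.
-- GRANT INSERT,SELECT ON snort.* TO snort@'%' IDENTIFIED BY '<password>';

-- 3. Narrow form: only sensor2 may connect as snort, still INSERT and SELECT only.
GRANT INSERT,SELECT ON snort.* TO 'snort'@'192.0.2.20' IDENTIFIED BY '<password>';
-- MySQL 8.0 removed IDENTIFIED BY from GRANT; there, create the account first:
--   CREATE USER 'snort'@'192.0.2.20' IDENTIFIED BY '<password>';
--   GRANT INSERT,SELECT ON snort.* TO 'snort'@'192.0.2.20';

-- 4. Confirm what the account is allowed to do.
SHOW GRANTS FOR 'snort'@'192.0.2.20';

-- 5. If a 'snort'@'%' row is left over from earlier attempts and is not needed,
--    remove it. REVOKE comes first because older servers only drop accounts
--    that hold no privileges.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'snort'@'%';
DROP USER 'snort'@'%';
```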


-----Original Message-----
From: Maetzky, Steffen (Extern) [mailto:Steffen.Maetzky () gedas de] 
Sent: Thursday, May 13, 2004 11:08 AM
To: Lance Boon
Subject: AW: [Snort-users] logging to a remote database with mudpit

1. Let's say that the remote-host = sensor1, other host = sensor2 and I want
both logging to sensor1.

Trying to connect from sensor1 to sensor1 (local)       => works
Trying to connect from sensor2 to sensor1               => failed


Shutting down my firewall on sensor1 and retrying       => still the same

2. Working on sensor1: I have given the grants for sensor2 in that way:

mysql -p
use snort;
grant INSERT,SELECT on snort.* to snort; <= thinking that this gives the
grants to snort at other hosts  
flush privileges; 

   

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Lance Boon
Sent: Thursday, 13 May 2004 17:28
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] logging to a remote database with mudpit

I'm confused now, you say you tried this from your remote host and it works,
but trying the same from the other host failed??? Have you granted the
"other" host privileges on the MySQL server?

-----Original Message-----
From: Maetzky, Steffen (Extern) [mailto:Steffen.Maetzky () gedas de]
Sent: Thursday, May 13, 2004 9:45 AM
To: Lance Boon
Subject: AW: [Snort-users] logging to a remote database with mudpit

Trying this from my remote host works.
Trying the same from the other host failed 

-----Original Message-----
From: Lance Boon [mailto:lboon () firststatebanksw com]
Sent: Thursday, 13 May 2004 16:24
To: Maetzky, Steffen (Extern)
Subject: RE: [Snort-users] logging to a remote database with mudpit

Have you tried just logging into the mysql server from your remote host?
For example:

        mysql -h192.168.1.1 -usnort -p snort

Just substitute the IP I put in there for your mysql server's IP.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Maetzky,
Steffen (Extern)
Sent: Thursday, May 13, 2004 8:54 AM
To: 'Snort-users () lists sourceforge net'
Subject: [Snort-users] logging to a remote database with mudpit

Hi,

I try to put data from a host to a mysql-database on a remote one with
mudpit but I get the following error message:

        Host 'hostname' is not allowed to connect to this MySQL Server
        error initializing ".../mp_acid_out.so": retrying unrecognized parameter "server"

On the remote-host I have given the grants:

        grant INSERT,SELECT on snort.* to snort identified by 'password';
        flush privileges;

On the local host I use (mudpit.conf):

        spool "/var/log/snort" {
                lock = "mysql"
                delete_processed
                user="root"
                output=".../mp_acid_out.so", "server <remote server ip>, user snort, password <password>, database snort, interface eth1"
        }

I don't know what's going wrong.
Any ideas?

Thanks in advance,

Steffen


-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for
SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

