Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort and MySQL

From: "Patrick S. Harper" <patrick () internetsecurityguru com>
Date: Sun, 29 Aug 2004 16:03:54 -0500
Not if you have your conf file set up right.  The output database line has
that info.  



Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Miikka
Hattberg
Sent: Sunday, August 29, 2004 1:49 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort and MySQL


I might be totally off, but shouldn't you specify the MySQL username in the
command whe you start snort.
like ' snort -u snort -c /etc/snort/snort.conf '

m.

Robert Spangler wrote:


Hello,

I seem to be having a problem setting up snort to use MySQL database.

When I run 'snort -c /etc/snort/snort.conf'  I get the following:

===================================================
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0

       --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
database: compiled support for ( MySQL )
database: configured to use MySQL
database:          user = snort
database: database name = snort
database:          host = localhost
database:   sensor name = 192.168.1.100
ERROR: database: MySQL_error: Access denied for user: 'snort@localhost' 
(Using
password: NO)
Fatal Error, Quitting..
===================================================


snort.conf has the following entry:

===================================================
output database: log, MySQL, user=snort, password=******** dbname=snort 
host=localhost ===================================================


MySQL was setup using this line for snort:

===================================================
grant INSERT,SELECT on root.* to snort@localhost; SET PASSWORD FOR 
snort@localhost=PASSOWRD('********');
grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost; 
grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort; 
===================================================

This was a step by step guide I had followed to set this up.  I'm 
hoping someone might be able to see what I'm missing.  Thnx

 





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise
J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: