Snort mailing list archives
RE: Snort and MySQL
From: "Patrick S. Harper" <patrick () internetsecurityguru com>
Date: Sun, 29 Aug 2004 16:09:55 -0500
It looks like for some reason he did not give it a password in the conf
file. The "using password: NO" is the tip off I believe. As well as the
other output, it should look like the following. Notice the "Database:
password is set". He does not get that, but the other error at the end
about using no password..
What does your output line in your conf file look like?
database: compiled support for ( mysql )
database: configured to use mysql
database: user = snort
database: password is set
database: database name = snort
database: host = localhost
database: sensor name = 208.14.28.12
database: sensor id = 2
database: inconsistent cid information for sid=2
Recovering by rolling forward the cid=35585
Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com
www.ntsug.org - Snort Users Group
"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael Steele
Sent: Sunday, August 29, 2004 1:52 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort and MySQL
Looks like you have no access to the Snort database. Go back and make SURE
you can access the database with the credentials that you have in the
snort.conf file on the MySQL output database line.
Kindest regards,
Michael...
WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users- admin () lists sourceforge net] On Behalf Of Robert Spangler Sent: Sunday, August 29, 2004 10:35 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort and MySQL Hello, I seem to be having a problem setting up snort to use MySQL database. When I run 'snort -c /etc/snort/snort.conf' I get the following: =================================================== Running in IDS mode Log directory = /var/log/snort Initializing Network Interface eth0 --== Initializing Snort ==-- Initializing Output Plugins! Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file /etc/snort/snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... database: compiled support for ( MySQL ) database: configured to use MySQL database: user = snort database: database name = snort database: host = localhost database: sensor name = 192.168.1.100 ERROR: database: MySQL_error: Access denied for user: 'snort@localhost' (Using password: NO) Fatal Error, Quitting.. =================================================== snort.conf has the following entry: =================================================== output database: log, MySQL, user=snort, password=******** dbname=snort host=localhost =================================================== MySQL was setup using this line for snort: =================================================== grant INSERT,SELECT on root.* to snort@localhost; SET PASSWORD FOR snort@localhost=PASSOWRD('********'); grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost; grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort; =================================================== This was a step by step guide I had followed to set this up. I'm hoping someone might be able to see what I'm missing. Thnx -- Regards Robert Smile..... It increases your face value. ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and MySQL Robert Spangler (Aug 29)
- Re: Snort and MySQL Miikka Hattberg (Aug 29)
- RE: Snort and MySQL Patrick S. Harper (Aug 29)
- RE: Snort and MySQL Michael Steele (Aug 29)
- RE: Snort and MySQL Patrick S. Harper (Aug 29)
- Re: Snort and MySQL [SOLVED MAYBE] Robert Spangler (Aug 29)
- RE: Snort and MySQL [SOLVED MAYBE] Patrick S. Harper (Aug 30)
- <Possible follow-ups>
- Snort and MySQL FAzle Rokib (Aug 29)
- Re: Snort and MySQL Miikka Hattberg (Aug 29)