Snort mailing list archives

RE: [PMX:#] IIS_unicode error when running snort Snort-users digest, Vol 1 #4499 - 3 msgs


From: "Yaasin Lutta" <yaasin () lei org au>
Date: Mon, 30 Aug 2004 22:49:43 +0800

My installation of snort is fine. When I attempt to run snort -c
/etc/snort/snort.conf -l /var/snort/log

I get an IIS_UNICODE error. Can anyone point me to where this has to be
directed to in the snort.conf file?? It's driving me batty!! Running on
Linux RH9.

Help!!


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of
snort-users-request () lists sourceforge net
Sent: Monday, 30 August 2004 9:18 AM
To: snort-users () lists sourceforge net
Subject: [PMX:#] Snort-users digest, Vol 1 #4499 - 3 msgs

Send Snort-users mailing list submissions to
        snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
        snort-users-request () lists sourceforge net

You can reach the person managing the list at
        snort-users-admin () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


Today's Topics:

   1. Re: Snort and MySQL [SOLVED MAYBE] (Robert Spangler)
   2. Re: glibc dependency errors installing snort (James Riden)
   3. Snort and MySQL (FAzle Rokib)

--__--__--

Message: 1
From: Robert Spangler <bms () zoominternet net>
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort and MySQL [SOLVED MAYBE]
Date: Sun, 29 Aug 2004 20:02:29 -0400

On Sun August 29 2004 13:35, Robert Spangler wrote:

 I seem to be having a problem setting up snort to use MySQL database.

I had an error in my snort.conf file

 snort.conf has the following entry:

 ===================================================
 output database: log, MySQL, user=snort, password=********
dbname=snort
 host=localhost
 ===================================================

The above was placed in the wrong area of the config.  When this was
corrected snort seemed to run without any problems.


NOW


I don't think things are running correctly.  I run a scan against my
machine using CIS and it does its reporting but I never see anything in
ACID or OpenAanval.

I used the following quick setup guide written by Patrick Harper at 
http://www.internetsecurityguru.com/


-- 

Regards
Robert

Smile.....  It increases your face value.



--__--__--

Message: 2
To: "Andy" <andy () page55 com>
Cc: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] glibc dependency errors installing snort
From: James Riden <j.riden () massey ac nz>
Date: Mon, 30 Aug 2004 12:18:48 +1200

"Andy" <andy () page55 com> writes:

Hi,
I'm having problems installing snort, I'm getting glibc dependency errors.
I'm running RedHat 7.3, trying to install snort-2.1.3-1.i386.rpm

I can't find a newer version of glibc other than 2.2.5 and really don't know
what I'm doing anyway.

Am I having these problems because I'm running RH 7.3? Does snort 2.1.3-1
run on RH 7.3?

Should I be installing a different package?

[root@tunes snort]# rpm -ivh snort-2.1.3-1.i386.rpm
error: failed dependencies:
        libc.so.6(GLIBC_2.3)   is needed by snort-2.1.3-1

I'd go to Fedora Core 1 at least if you can. I've done an upgrade from
7.3 to FC1 and it went OK, and snort 2.2.0 is happily working on that
machine.

Otherwise, try getting the appropriate rpms from here:
http://dag.wieers.com/packages/snort/

cheers,
 Jamie
-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/



--__--__--

Message: 3
From: "FAzle Rokib" <rokib () itsits com>
To: <snort-users () lists sourceforge net>
Date: Sun, 29 Aug 2004 21:16:13 -0400
Subject: [Snort-users] Snort and MySQL


Try this:

mysql> Grant All On snort.* to snort@localhost;

or (if you have a password for snort user)

mysql> Grant All On snort.* to snort@localhost Identified By 'password';

[****If you have a password for snort user, you must use Identified By clause]

Message: 1
From: "Michael Steele" <michaels () winsnort com>
To: <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Snort and MySQL
Date: Sun, 29 Aug 2004 11:52:02 -0700

Looks like you have no access to the Snort database. Go back and make SURE
you can access the database with the credentials that you have in the
snort.conf file on the MySQL output database line.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Robert Spangler
Sent: Sunday, August 29, 2004 10:35 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort and MySQL

Hello,

I seem to be having a problem setting up snort to use MySQL database.

When I run 'snort -c /etc/snort/snort.conf'  I get the following:

===================================================
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
database: compiled support for ( MySQL )
database: configured to use MySQL
database:          user = snort
database: database name = snort
database:          host = localhost
database:   sensor name = 192.168.1.100
ERROR: database: MySQL_error: Access denied for user: 'snort@localhost' (Using password: NO)
Fatal Error, Quitting..
===================================================


snort.conf has the following entry:

===================================================
output database: log, MySQL, user=snort, password=******** dbname=snort
host=localhost
===================================================


MySQL was setup using this line for snort:

===================================================
grant INSERT,SELECT on root.* to snort@localhost;
SET PASSWORD FOR snort@localhost=PASSOWRD('********');
grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
===================================================

This was a step by step guide I had followed to set this up.  I'm hoping
someone might be able to see what I'm missing.  Thnx

--

Regards
Robert

Smile.....  It increases your face value.

-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-- __--__-- 

Message: 2
From: "pfeito" <pfeito () netcabo pt>
To: "'Keith W. McCammon'" <mccammon () gmail com>,
<snort-users () lists sourceforge net>,
<hackerwacker () cybermesa com>
Subject: RE: [Snort-users] Slow down TCP connections
Date: Sun, 29 Aug 2004 20:13:54 +0100

I don't really have a final purpose, I'm just digging out what proactive
stuff there is out there for Snort.
I don't need it, I just thought of it, as an example of proactive
functionality and wanted to find out if there is such thing. I guess it is
kind of stupid.... although it could be useful in a snort+honeypot
scenario. Don't really put much thought in it.

Why are you seeking an IDS to do traffic queueing ?
No. That would be like trying to cut a steak with a spoon :P !

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Keith W. McCammon
Sent: domingo, 29 de Agosto de 2004 18:14
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Slow down TCP connections

Right now, I've just compiled and installed snort 2.2.0 with flexresp2
support. I'm about to test flexresp2 capabilities, but it seems to have no
support for slowing down TCP connections (i.e. for slowing down TCP Scans
for instance...)

Why would Snort want to "slow down" a TCP scan?  Snort will catch it,
and under certain circumstances, flexresp2 can reset those
connections.  That's pretty much the extent of Snort's involvement.

Do you know any plug-in that allows Snort to slow down TCP connections speed
(i.e. resize TCP window size) ?

No.  What would you accomplish by doing this?  Either block the
traffic or don't.  Slowing it down won't really get you anywhere
(it'll just take the attacker longer to do the same thing).





-- __--__-- 

Message: 3
From: "Jim Hendrick" <jrhendri () maine rr com>
To: "'pfeito'" <pfeito () netcabo pt>, <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Slow down TCP connections
Date: Sun, 29 Aug 2004 16:22:28 -0400

If you are looking to slow down scans, try a tarpit (e.g. labrea)
flexresp is really designed to reset TCP connections to halt an attack.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of pfeito
Sent: Sunday, August 29, 2004 12:57 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Slow down TCP connections


Hi Guys,

I'm searching for pro-active plug-ins for Snort.

Right now, I've just compiled and installed snort 2.2.0 with flexresp2
support. I'm about to test flexresp2 capabilities, but it seems to have no
support for slowing down TCP connections (i.e. for slowing down TCP Scans
for instance...)

Do you know any plug-in that allows Snort to slow down TCP connections speed
(i.e. resize TCP window size) ?

Thanks,
-pfeito








-- __--__-- 

Message: 4
From: "pfeito" <pfeito () netcabo pt>
To: "'Jim Hendrick'" <jrhendri () maine rr com>,
<snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Slow down TCP connections
Date: Sun, 29 Aug 2004 21:36:32 +0100

That's a cool thing to play around. But right now I'm only studying plugins
or modules for Snort. The slow down functionality was only one example I
thought, but it seems not to make sense in an IDS. I'm concentrating right
now in developing one or two demos with flexresp.
Thanks,
-pfeito







-- __--__-- 

Message: 5
From: "Patrick S. Harper" <patrick () internetsecurityguru com>
To: "'Miikka Hattberg'" <miikka () miikkah org>,
   <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Snort and MySQL
Date: Sun, 29 Aug 2004 16:03:54 -0500

Not if you have your conf file set up right.  The output database line has
that info.



Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Miikka
Hattberg
Sent: Sunday, August 29, 2004 1:49 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort and MySQL


I might be totally off, but shouldn't you specify the MySQL username in the
command when you start snort.
like ' snort -u snort -c /etc/snort/snort.conf '

m.




-- __--__-- 

Message: 6
From: "Patrick S. Harper" <patrick () internetsecurityguru com>
To: "'Michael Steele'" <michaels () winsnort com>,
   <snort-users () lists sourceforge net>,
   "'Robert Spangler'" <bms () zoominternet net>
Subject: RE: [Snort-users] Snort and MySQL
Date: Sun, 29 Aug 2004 16:09:55 -0500


It looks like for some reason he did not give it a password in the conf
file.  The "using password: NO" is the tip off I believe.  As well as the
other output, it should look like the following.  Notice the "Database:
password is set".  He does not get that, but the other error at the end
about using no password..

What does your output line in your conf file look like?


database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = 208.14.28.12
database:     sensor id = 2
database: inconsistent cid information for sid=2
          Recovering by rolling forward the cid=35585



Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"

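
The reading of the start-up banner described in the message above, as an added example that is not part of the original post: it separates "Snort sent no password" (a snort.conf problem) from "MySQL refused the password it was sent" (an account or grant problem). The function name `triage`, the verdict strings and the third banner are assumptions made for this example; the first two banners are the ones quoted in the thread.

```python
import re

# Start-up lines of the form "database:   sensor name = 192.168.1.100".
FIELD_RE = re.compile(
    r"^database:\s*(user|database name|host|sensor name|sensor id)\s*=\s*(\S+)$"
)
# MySQL's refusal, in the older ("user: 'u@h'") and newer ("user 'u'@'h'") wording.
DENIED_RE = re.compile(
    r"Access denied for user:?\s*'?([^'@\s]+)'?@'?([^'\s]+?)'?\s*"
    r"\(using password:\s*(YES|NO)\)",
    re.IGNORECASE,
)


def triage(banner: str) -> dict:
    """Classify the database plug-in part of a Snort start-up banner."""
    fields = {}
    password_parsed = False
    for raw in banner.splitlines():
        line = raw.strip()
        # Snort prints this line only when it read a password= parameter.
        if line.lower() == "database: password is set":
            password_parsed = True
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)

    # Mail clients wrap the ERROR line, so search a whitespace-normalised copy.
    denied = DENIED_RE.search(" ".join(banner.split()))
    if denied is None:
        verdict, account = "no-auth-error", None
    else:
        account = f"{denied.group(1)}@{denied.group(2)}"
        if denied.group(3).upper() == "NO":
            # The client never offered a password: look at snort.conf first.
            verdict = "no-password-sent"
        else:
            # A password was offered and refused: look at the MySQL account.
            verdict = "password-rejected"
    return {
        "verdict": verdict,
        "password_parsed": password_parsed,
        "account": account,
        "fields": fields,
    }


# Banner quoted in the thread (failing case), ERROR line wrapped as posted.
FAILING = """\
database: compiled support for ( MySQL )
database: configured to use MySQL
database:          user = snort
database: database name = snort
database:          host = localhost
database:   sensor name = 192.168.1.100
ERROR: database: MySQL_error: Access denied for user: 'snort@localhost' (Using
password: NO)
Fatal Error, Quitting..
"""

# Banner quoted in the thread (working case).
WORKING = """\
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = 208.14.28.12
database:     sensor id = 2
"""

# Constructed for this example: password read from the config but refused.
REJECTED = """\
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
ERROR: database: mysql_error: Access denied for user 'snort'@'localhost' (using password: YES)
"""

if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("working", WORKING), ("rejected", REJECTED)):
        result = triage(text)
        print(name, result["verdict"], "password parsed:", result["password_parsed"])
```

A `no-password-sent` verdict points at the `output database` line in snort.conf; a `password-rejected` verdict points at the MySQL side, where the `Grant ... Identified By` statement suggested earlier in the thread applies.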



-- __--__-- 

Message: 7
From: Juan Fernandez <Juan.Fernandez () deltathree com>
To: "'snort-users () lists sourceforge net'"
<snort-users () lists sourceforge net>
Date: Mon, 30 Aug 2004 02:02:19 +0300
Subject: [Snort-users] :  setup postfix please help !!!!!!!!!!1

Hi guys,

Can someone please send to me his/her main.cf file so I can take it as an
example to config my postfix on my snort sensors?

I can't configure it alone, I messed up my main.cf file..

Please help...

All I need to configure is that the sensors will pass the mails to my
internal exchange server to my mailbox...

Please help !!!

Thanks !!!


=
face=3DArial=20
  size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">All I =
need to=20
  configure is that the sensors will pass the mails to my internal =
exchange=20
  server to my mailbox...<o:p></o:p></SPAN></FONT></P>
  <P class=3DMsoNormal dir=3Dltr=20
  style=3D"DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><FONT
=
face=3DArial=20
  size=3D2><SPAN=20
  style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=3DMsoNormal dir=3Dltr=20
  style=3D"DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><FONT
=
face=3DArial=20
  size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Please =
help=20
  !!!<o:p></o:p></SPAN></FONT></P>
  <P class=3DMsoNormal dir=3Dltr=20
  style=3D"DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><FONT
=
face=3DArial=20
  size=3D2><SPAN=20
  style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p>&nbsp;</o:p></SPAN></FONT></P>
  <P class=3DMsoNormal dir=3Dltr=20
  style=3D"DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><FONT
=
face=3DArial=20
  size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks=20
  !!!<o:p></o:p></SPAN></FONT></P></DIV></BLOCKQUOTE></BODY></HTML>

------_=3D_NextPart_001_01C48E1C.3533D7EB--


-- __--__-- 

Message: 8
From: "Andy" <andy () page55 com>
To: <snort-users () lists sourceforge net>
Date: Sun, 29 Aug 2004 18:22:48 -0500
Subject: [Snort-users] glibc dependency errors installing snort

Hi,
I'm having problems installing snort, I'm getting glibc dependency errors.
I'm running RedHat 7.3, trying to install snort-2.1.3-1.i386.rpm

I can't find a newer version of glibc other than 2.2.5 and really don't know
what I'm doing anyway.

Am I having these problems because I'm running RH 7.3? Does snort 2.1.3-1
run on RH 7.3?

Should I be installing a different package?

[root@tunes snort]# rpm -ivh [root@tunes snort]# rpm -ivh
snort-2.1.3-1.i386.rpm
error: failed dependencies:
        libc.so.6(GLIBC_2.3)   is needed by snort-2.1.3-1

totally new to this, hope you can help.

Thanks,
Andy




-- __--__-- 

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest


------=_NextPart_000_0030_01C48E0D.6A360260
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type =
content=3Dtext/html;charset=3Diso-8859-1>
<STYLE></STYLE>

<META content=3D"MSHTML 6.00.2800.1458" name=3DGENERATOR></HEAD>
<BODY id=3DMailContainerBody=20
style=3D"PADDING-LEFT: 10px; FONT-WEIGHT: normal; FONT-SIZE: 10pt; =
COLOR: #000000; BORDER-TOP-STYLE: none; PADDING-TOP: 15px; FONT-STYLE: =
normal; FONT-FAMILY: Verdana; BORDER-RIGHT-STYLE: none; =
BORDER-LEFT-STYLE: none; TEXT-DECORATION: none; BORDER-BOTTOM-STYLE: =
none"=20
leftMargin=3D0 topMargin=3D0 acc_role=3D"text" CanvasTabStop=3D"true"=20
name=3D"Compose message area"><!--[gte IE 5]><?xml:namespace =
prefix=3D"v" /><?xml:namespace prefix=3D"o" /><![endif]-->
<DIV>
<DIV>Try this:</DIV>
<DIV>&nbsp;</DIV>
<DIV>mysql&gt; Grant All On snort.* to&nbsp;&nbsp;<A=20
title=3Dmailto:snort@localhost=20
href=3D"mailto:snort@localhost";>snort@localhost</A>;</DIV>
<DIV>&nbsp;</DIV>
<DIV>or (if you have a password for snort user)&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>mysql&gt; Grant All On snort.* to <A title=3Dmailto:snort@localhost
=

href=3D"mailto:snort@localhost";>snort@localhost</A> Identified By=20
'password';</DIV>
<DIV>&nbsp;</DIV>
<DIV>[****If you have a password for snort user, you must use Identified
=
By=20
clause]</DIV>
<DIV><BR>Message: 1<BR>From: "Michael Steele" &lt;<A=20
title=3Dmailto:michaels () winsnort com=20
href=3D"mailto:michaels () winsnort com">michaels () winsnort com</A>&gt;<BR>T
o=
: &lt;<A=20
title=3Dmailto:snort-users () lists sourceforge net=20
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A>&gt;<BR>Subject:=20
RE: [Snort-users] Snort and MySQL<BR>Date: Sun, 29 Aug 2004 11:52:02=20
-0700<BR><BR>Looks like you have no access to the Snort database. Go =
back and=20
make SURE<BR>you can access the database with the credentials that you =
have in=20
the<BR>snort.conf file on the MySQL output database line.<BR><BR>Kindest
=

regards, <BR>Michael...<BR><BR>WINSNORT.com Management Team Member<BR>--
=

<BR>Pick up your FREE Windows or UNIX Snort installation=20
guides&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR><A=20
title=3Dmailto:support () winsnort com=20
href=3D"mailto:support () winsnort com">mailto:support () winsnort com</A><BR>
W=
ebsite:=20
<A title=3Dhttp://www.winsnort.com/=20
href=3D"http://www.winsnort.com";>http://www.winsnort.com</A><BR>Snort: =
Open Source=20
Network IDS - <A title=3Dhttp://www.snort.org/=20
href=3D"http://www.snort.org";>http://www.snort.org</A><BR><BR><BR>&gt;=2
0
-----Original Message-----<BR>&gt; From: <A=20
title=3Dmailto:snort-users-admin () lists sourceforge net=20
href=3D"mailto:snort-users-admin () lists sourceforge net">snort-users-admi
n=
@lists.sourceforge.net</A>=20
[mailto:snort-users-<BR>&gt; <A =
title=3Dmailto:admin () lists sourceforge net=20
href=3D"mailto:admin () lists sourceforge net">admin () lists sourceforge net<
/=
A>] On=20
Behalf Of Robert Spangler<BR>&gt; Sent: Sunday, August 29, 2004 10:35 =
AM<BR>&gt;=20
To: <A title=3Dmailto:snort-users () lists sourceforge net=20
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A><BR>&gt;=20
Subject: [Snort-users] Snort and MySQL<BR>&gt; <BR>&gt; Hello,<BR>&gt; =
<BR>&gt;=20
I seem to be having a problem setting up snort to use MySQL =
database.<BR>&gt;=20
<BR>&gt; When I run 'snort -c /etc/snort/snort.conf'&nbsp; I get the=20
following:<BR>&gt; <BR>&gt;=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D<BR>&gt; Running in IDS=20
mode<BR>&gt; Log directory =3D /var/log/snort<BR>&gt; <BR>&gt; =
Initializing=20
Network Interface eth0<BR>&gt;=20
<BR>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --=3D=3D =
Initializing Snort=20
=3D=3D--<BR>&gt; Initializing Output Plugins!<BR>&gt; Decoding Ethernet
=
on interface=20
eth0<BR>&gt; Initializing Preprocessors!<BR>&gt; Initializing =
Plug-ins!<BR>&gt;=20
Parsing Rules file /etc/snort/snort.conf<BR>&gt; <BR>&gt;=20
+++++++++++++++++++++++++++++++++++++++++++++++++++<BR>&gt; Initializing
=
rule=20
chains...<BR>&gt; database: compiled support for ( MySQL )<BR>&gt; =
database:=20
configured to use MySQL<BR>&gt;=20
database:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; user =3D
=

snort<BR>&gt; database: database name =3D snort<BR>&gt;=20
database:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; host =3D
=

localhost<BR>&gt; database:&nbsp;&nbsp; sensor name =3D =
192.168.1.100<BR>&gt;=20
ERROR: database: MySQL_error: Access denied for user: <A=20
title=3D"mailto:'snort@localhost'"=20
href=3D"mailto:'snort@localhost'";>'snort@localhost'</A><BR>&gt; =
(Using<BR>&gt;=20
password: NO)<BR>&gt; Fatal Error, Quitting..<BR>&gt;=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D<BR>&gt; <BR>&gt; <BR>&gt;=20
snort.conf has the following entry:<BR>&gt; <BR>&gt;=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D<BR>&gt; output database:=20
log, MySQL, user=3Dsnort, password=3D******** dbname=3Dsnort<BR>&gt;=20
host=3Dlocalhost<BR>&gt;=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D<BR>&gt; <BR>&gt; <BR>&gt;=20
MySQL was setup using this line for snort:<BR>&gt; <BR>&gt;=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D<BR>&gt; grant INSERT,SELECT=20
on root.* to <A title=3Dmailto:snort@localhost=20
href=3D"mailto:snort@localhost";>snort@localhost</A>;<BR>&gt; SET =
PASSWORD FOR <A=20
title=3D"mailto:snort@localhost=3DPASSOWRD('********'"=20
href=3D"mailto:snort@localhost=3DPASSOWRD('********'">snort@localhost=3D
P=
ASSOWRD('********'</A>);<BR>&gt;=20
grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to <A=20
title=3Dmailto:snort@localhost=20
href=3D"mailto:snort@localhost";>snort@localhost</A>;<BR>&gt; grant=20
CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;<BR>&gt;=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D<BR>&gt; <BR>&gt; This was a=20
step by step guide I had followed to set this up.&nbsp; I'm =
hoping<BR>&gt;=20
someone might be able to see what I'm missing.&nbsp; Thnx<BR>&gt; =
<BR>&gt;=20
--<BR>&gt; <BR>&gt; Regards<BR>&gt; Robert<BR>&gt; <BR>&gt; =
Smile.....&nbsp; It=20
increases your face value.<BR>&gt; <BR>&gt; <BR>&gt; <BR>&gt;=20
-------------------------------------------------------<BR>&gt; This =
SF.Net=20
email is sponsored by BEA Weblogic Workshop<BR>&gt; FREE Java Enterprise
=
J2EE=20
developer tools!<BR>&gt; Get your free copy of BEA WebLogic Workshop 8.1
=

today.<BR>&gt; <A=20
title=3Dhttp://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3D
c=
lick=20
href=3D"http://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3D
c=
lick">http://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3Dcl
i=
ck</A><BR>&gt;=20
_______________________________________________<BR>&gt; Snort-users =
mailing=20
list<BR>&gt; <A title=3Dmailto:Snort-users () lists sourceforge net=20
href=3D"mailto:Snort-users () lists sourceforge net">Snort-users () lists sour
c=
eforge.net</A><BR>&gt;=20
Go to this URL to change user options or unsubscribe:<BR>&gt; <A=20
title=3Dhttps://lists.sourceforge.net/lists/listinfo/snort-users=20
href=3D"https://lists.sourceforge.net/lists/listinfo/snort-users";>https:
/=
/lists.sourceforge.net/lists/listinfo/snort-users</A><BR>&gt;=20
Snort-users list archive:<BR>&gt; <A=20
title=3Dhttp://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users=20
href=3D"http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users";>http
:=
//www.geocrawler.com/redir-sf.php3?list=3Dsnort-users</A><BR><BR><BR><BR
=
<BR><BR>-- __--__-- <BR><BR>Message:=20
2<BR>From: "pfeito" &lt;<A title=3Dmailto:pfeito () netcabo pt=20
href=3D"mailto:pfeito () netcabo pt">pfeito () netcabo pt</A>&gt;<BR>To: =
"'Keith W.=20
McCammon'" &lt;<A title=3Dmailto:mccammon () gmail com=20
href=3D"mailto:mccammon () gmail com">mccammon () gmail com</A>&gt;,<BR>&lt;<A
=

title=3Dmailto:snort-users () lists sourceforge net=20
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A>&gt;,<BR>&lt;<A=20
title=3Dmailto:hackerwacker () cybermesa com=20
href=3D"mailto:hackerwacker () cybermesa com">hackerwacker () cybermesa com</A
=
&gt;<BR>Subject:=20
RE: [Snort-users] Slow down TCP connections<BR>Date: Sun, 29 Aug 2004 =
20:13:54=20
+0100<BR><BR>I don't really have a final purpose, I'm just digging out =
what=20
proactive<BR>stuff there is out there for Snort. <BR>I don't need it, I
=
just=20
thought of it, as an example of proactive<BR>functionality and wanted to
=
find=20
out if there is such thing. I guess it is<BR>kind of stupid.... although
=
it=20
could be useful in an snort+honeypot<BR>scenario. Don't really put much
=
though=20
in it.<BR><BR>&gt; Why are you seeking and IDS to do traffic queueing =
?<BR>No.=20
That would be like trying to cut a steak with a spoon :P
!<BR><BR>&gt;=20
-----Original Message-----<BR>&gt; From: <A=20
title=3Dmailto:snort-users-admin () lists sourceforge net=20
href=3D"mailto:snort-users-admin () lists sourceforge net">snort-users-admi
n=
@lists.sourceforge.net</A>=20
[mailto:snort-users-<BR>&gt; <A =
title=3Dmailto:admin () lists sourceforge net=20
href=3D"mailto:admin () lists sourceforge net">admin () lists sourceforge net<
/=
A>] On=20
Behalf Of Keith W. McCammon<BR>&gt; Sent: domingo, 29 de Agosto de
2004=20
18:14<BR>&gt; To: <A title=3Dmailto:snort-users () lists sourceforge net=20
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A><BR>&gt;=20
Subject: Re: [Snort-users] Slow down TCP connections<BR>&gt; <BR>&gt; =
&gt; Right=20
know, I've just compiled and installed snort 2.2.0 with =
flexresp2<BR>&gt; &gt;=20
support. I'm about to test flexresp2 capabilities, but It seems to =
have<BR>&gt;=20
no<BR>&gt; &gt; support for slowing down TCP connections (i.e. for =
slowing down=20
TCP<BR>&gt; Scans<BR>&gt; &gt; for instance...)<BR>&gt; <BR>&gt; Why =
would Snort=20
want to "slow down" a TCP scan?&nbsp; Snort will catch it,<BR>&gt; and =
under=20
certain circumstances, flexresp2 can reset those<BR>&gt; =
connections.&nbsp;=20
That's pretty much the extent of Snort's involvement.<BR>&gt; <BR>&gt; =
&gt; Do=20
you know any plug-in that allows Snort to slow down TCP =
connections<BR>&gt;=20
speed<BR>&gt; &gt; (i.e. resize TCP window size) ?<BR>&gt; <BR>&gt; =
No.&nbsp;=20
What would you accomplish by doing this?&nbsp; Either block the<BR>&gt;
=
traffic=20
or don't.&nbsp; Slowing it down won't really get you anywhere<BR>&gt; =
(it'll=20
just take the attacker longer to do the same thing).<BR>&gt; <BR>&gt; =
<BR>&gt;=20
-------------------------------------------------------<BR>&gt; This =
SF.Net=20
email is sponsored by BEA Weblogic Workshop<BR>&gt; FREE Java Enterprise
=
J2EE=20
developer tools!<BR>&gt; Get your free copy of BEA WebLogic Workshop 8.1
=

today.<BR>&gt; <A=20
title=3Dhttp://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3D
c=
lick=20
href=3D"http://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3D
c=
lick">http://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3Dcl
i=
ck</A><BR>&gt;=20
_______________________________________________<BR>&gt; Snort-users =
mailing=20
list<BR>&gt; <A title=3Dmailto:Snort-users () lists sourceforge net=20
href=3D"mailto:Snort-users () lists sourceforge net">Snort-users () lists sour
c=
eforge.net</A><BR>&gt;=20
Go to this URL to change user options or unsubscribe:<BR>&gt; <A=20
title=3Dhttps://lists.sourceforge.net/lists/listinfo/snort-users=20
href=3D"https://lists.sourceforge.net/lists/listinfo/snort-users";>https:
/=
/lists.sourceforge.net/lists/listinfo/snort-users</A><BR>&gt;=20
Snort-users list archive:<BR>&gt; <A=20
title=3Dhttp://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users=20
href=3D"http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users";>http
:=
//www.geocrawler.com/redir-sf.php3?list=3Dsnort-users</A><BR><BR><BR><BR
=
<BR>-- __--__-- <BR><BR>Message:=20
3<BR>From: "Jim Hendrick" &lt;<A title=3Dmailto:jrhendri () maine rr com=20
href=3D"mailto:jrhendri () maine rr com">jrhendri () maine rr com</A>&gt;<BR>T
o=
:=20
"'pfeito'" &lt;<A title=3Dmailto:pfeito () netcabo pt=20
href=3D"mailto:pfeito () netcabo pt">pfeito () netcabo pt</A>&gt;, &lt;<A=20
title=3Dmailto:snort-users () lists sourceforge net=20
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A>&gt;<BR>Subject:=20
RE: [Snort-users] Slow down TCP connections<BR>Date: Sun, 29 Aug 2004 =
16:22:28=20
-0400<BR><BR>If you are looking to slow down scans, try a tarpit
(e.g.=20
labrea)<BR>flexrsp is really designed to reset TCP connections to halt =
an=20
attack.<BR><BR>-----Original Message-----<BR>From: <A=20
title=3Dmailto:snort-users-admin () lists sourceforge net=20
href=3D"mailto:snort-users-admin () lists sourceforge net">snort-users-admi
n=
@lists.sourceforge.net</A><BR>[mailto:snort-users-admin@lists.sourceforg
e=
.net]=20
On Behalf Of pfeito<BR>Sent: Sunday, August 29, 2004 12:57 PM<BR>To:
<A=20
title=3Dmailto:snort-users () lists sourceforge net=20
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A><BR>Subject:=20
[Snort-users] Slow down TCP connections<BR><BR><BR>Hi Guys,<BR><BR>I'm =
searching=20
for pro-active plug-ins for Snort.=3D20<BR><BR>Right know, I've just =
compiled and=20
installed snort 2.2.0 with flexresp2<BR>support. I'm about to test =
flexresp2=20
capabilities, but It seems to have =3D<BR>no<BR>support for slowing down
=
TCP=20
connections (i.e. for slowing down TCP =3D<BR>Scans<BR>for =
instance...)<BR><BR>Do=20
you know any plug-in that allows Snort to slow down TCP connections=20
=3D<BR>speed<BR>(i.e. resize TCP window size)=20
?<BR><BR>Thanks,<BR>-pfeito<BR><BR><BR><BR><BR>-------------------------
-=
-----------------------------<BR>This=20
SF.Net email is sponsored by BEA Weblogic Workshop<BR>FREE Java =
Enterprise J2EE=20
developer tools!<BR>Get your free copy of BEA WebLogic Workshop 8.1 =
today.<BR><A=20
title=3Dhttp://ads.osdn.com/?ad_id=3D3D5047&amp;alloc_id=3D3D10808&amp;o
p=
=3D3Dclick=20
href=3D"http://ads.osdn.com/?ad_id=3D3D5047&amp;alloc_id=3D3D10808&amp;o
p=
=3D3Dclick">http://ads.osdn.com/?ad_id=3D3D5047&amp;alloc_id=3D3D10808&a
m=
p;op=3D3Dclick</A><BR>_______________________________________________<BR
=
Snort-users=20
mailing list<BR><A title=3Dmailto:Snort-users () lists sourceforge net=20
href=3D"mailto:Snort-users () lists sourceforge net">Snort-users () lists sour
c=
eforge.net</A><BR>Go=20
to this URL to change user options or unsubscribe:<BR><A=20
title=3Dhttps://lists.sourceforge.net/lists/listinfo/snort-users=20
href=3D"https://lists.sourceforge.net/lists/listinfo/snort-users";>https:
/=
/lists.sourceforge.net/lists/listinfo/snort-users</A><BR>Snort-users=20
list archive:<BR><A=20
title=3Dhttp://www.geocrawler.com/redir-sf.php3?list=3D3Dsnort-users=20
href=3D"http://www.geocrawler.com/redir-sf.php3?list=3D3Dsnort-users";>ht
t=
p://www.geocrawler.com/redir-sf.php3?list=3D3Dsnort-users</A><BR><BR><BR
=
<BR><BR>-- __--__-- <BR><BR>Message:=20
4<BR>From: "pfeito" &lt;<A title=3Dmailto:pfeito () netcabo pt=20
href=3D"mailto:pfeito () netcabo pt">pfeito () netcabo pt</A>&gt;<BR>To: "'Jim
=

Hendrick'" &lt;<A title=3Dmailto:jrhendri () maine rr com=20
href=3D"mailto:jrhendri () maine rr com">jrhendri () maine rr com</A>&gt;,<BR>
&=
lt;<A=20
title=3Dmailto:snort-users () lists sourceforge net=20
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A>&gt;<BR>Subject:=20
RE: [Snort-users] Slow down TCP connections<BR>Date: Sun, 29 Aug 2004 =
21:36:32=20
+0100<BR><BR>That's a cool thing to play around. But right now I'm only
=
studying=20
plugins<BR>or modules for Snort. The slow down functionality was only =
one I=20
example I<BR>thought, but it seems not to make sense in a IDS. I'm =
concentrating=20
right<BR>now in developing one or two demos with=20
flexresp.<BR>Thanks,<BR>-pfeito<BR><BR><BR>&gt; -----Original=20
Message-----<BR>&gt; From: Jim Hendrick =
[mailto:jrhendri () maine rr com]<BR>&gt;=20
Sent: domingo, 29 de Agosto de 2004 21:22<BR>&gt; To: 'pfeito'; <A=20
title=3Dmailto:snort-users () lists sourceforge net=20
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A><BR>&gt;=20
Subject: RE: [Snort-users] Slow down TCP connections<BR>&gt; <BR>&gt; If
=
you are=20
looking to slow down scans, try a tarpit (e.g. labrea)<BR>&gt; flexrsp =
is really=20
designed to reset TCP connections to halt an attack.<BR>&gt; <BR>&gt;=20
-----Original Message-----<BR>&gt; From: <A=20
title=3Dmailto:snort-users-admin () lists sourceforge net=20
href=3D"mailto:snort-users-admin () lists sourceforge net">snort-users-admi
n=
@lists.sourceforge.net</A><BR>&gt;=20
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of =
pfeito<BR>&gt;=20
Sent: Sunday, August 29, 2004 12:57 PM<BR>&gt; To: <A=20
title=3Dmailto:snort-users () lists sourceforge net=20
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A><BR>&gt;=20
Subject: [Snort-users] Slow down TCP connections<BR>&gt; <BR>&gt; =
<BR>&gt; Hi=20
Guys,<BR>&gt; <BR>&gt; I'm searching for pro-active plug-ins for =
Snort.<BR>&gt;=20
<BR>&gt; Right know, I've just compiled and installed snort 2.2.0
with=20
flexresp2<BR>&gt; support. I'm about to test flexresp2 capabilities, but
=
It=20
seems to have no<BR>&gt; support for slowing down TCP connections (i.e.
=
for=20
slowing down TCP Scans<BR>&gt; for instance...)<BR>&gt; <BR>&gt; Do you
=
know any=20
plug-in that allows Snort to slow down TCP connections<BR>&gt; =
speed<BR>&gt;=20
(i.e. resize TCP window size) ?<BR>&gt; <BR>&gt; Thanks,<BR>&gt; =
-pfeito<BR>&gt;=20
<BR>&gt; <BR>&gt; <BR>&gt; <BR>&gt;=20
-------------------------------------------------------<BR>&gt; This =
SF.Net=20
email is sponsored by BEA Weblogic Workshop<BR>&gt; FREE Java Enterprise
=
J2EE=20
developer tools!<BR>&gt; Get your free copy of BEA WebLogic Workshop 8.1
=

today.<BR>&gt; <A=20
title=3Dhttp://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3D
c=
lick=20
href=3D"http://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3D
c=
lick">http://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3Dcl
i=
ck</A><BR>&gt;=20
_______________________________________________<BR>&gt; Snort-users =
mailing=20
list<BR>&gt; <A title=3Dmailto:Snort-users () lists sourceforge net=20
href=3D"mailto:Snort-users () lists sourceforge net">Snort-users () lists sour
c=
eforge.net</A><BR>&gt;=20
Go to this URL to change user options or unsubscribe:<BR>&gt; <A=20
title=3Dhttps://lists.sourceforge.net/lists/listinfo/snort-users=20
href=3D"https://lists.sourceforge.net/lists/listinfo/snort-users";>https:
/=
/lists.sourceforge.net/lists/listinfo/snort-users</A><BR>&gt;=20
Snort-users list archive:<BR>&gt; <A=20
title=3Dhttp://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users=20
href=3D"http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users";>http
:=
//www.geocrawler.com/redir-sf.php3?list=3Dsnort-users</A><BR>&gt;=20
<BR><BR><BR><BR><BR><BR>-- __--__-- <BR><BR>Message: 5<BR>From: "Patrick
=
S.=20
Harper" &lt;<A title=3Dmailto:patrick () internetsecurityguru com=20
href=3D"mailto:patrick () internetsecurityguru com">patrick@internetsecurit
y=
guru.com</A>&gt;<BR>To:=20
"'Miikka Hattberg'" &lt;<A title=3Dmailto:miikka () miikkah org=20
href=3D"mailto:miikka () miikkah org">miikka () miikkah org</A>&gt;,<BR>&nbsp;
&=
nbsp;=20
&lt;<A title=3Dmailto:snort-users () lists sourceforge net=20
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A>&gt;<BR>Subject:=20
RE: [Snort-users] Snort and MySQL<BR>Date: Sun, 29 Aug 2004 16:03:54=20
-0500<BR><BR>Not if you have your conf file set up right.&nbsp; The =
output=20
database line has<BR>that info.&nbsp; <BR><BR><BR><BR>Patrick S. Harper
=
| CISSP=20
RHCT MCSE<BR><A title=3Dhttp://www.internetsecurityguru.com/=20
href=3D"http://www.internetsecurityguru.com";>www.internetsecurityguru.co
m=
</A><BR><BR><A=20
title=3Dhttp://www.ntsug.org/ =
href=3D"http://www.ntsug.org";>www.ntsug.org</A> -=20
Snort Users Group<BR><BR>"If there is no light at the end of the tunnel,
=
get=20
down there and light the<BR>damn thing =
yourself!"<BR>&nbsp;<BR>-----Original=20
Message-----<BR>From: <A =
title=3Dmailto:snort-users-admin () lists sourceforge net=20
href=3D"mailto:snort-users-admin () lists sourceforge net">snort-users-admi
n=
@lists.sourceforge.net</A><BR>[mailto:snort-users-admin@lists.sourceforg
e=
.net]=20
On Behalf Of Miikka<BR>Hattberg<BR>Sent: Sunday, August 29, 2004 1:49 =
PM<BR>To:=20
<A title=3Dmailto:snort-users () lists sourceforge net=20
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A><BR>Subject:=20
Re: [Snort-users] Snort and MySQL<BR><BR><BR>I might be totally off, but
=

shouldn't you specify the MySQL username in the<BR>command whe you start
=

snort.<BR>like ' snort -u snort -c /etc/snort/snort.conf=20
'<BR><BR>m.<BR><BR>Robert Spangler =
wrote:<BR><BR>&gt;Hello,<BR>&gt;<BR>&gt;I=20
seem to be having a problem setting up snort to use MySQL=20
database.<BR>&gt;<BR>&gt;When I run 'snort -c =
/etc/snort/snort.conf'&nbsp; I get=20
the=20
following:<BR>&gt;<BR>&gt;=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<BR>&gt;Running=20
in IDS mode<BR>&gt;Log directory =3D =
/var/log/snort<BR>&gt;<BR>&gt;Initializing=20
Network Interface =
eth0<BR>&gt;<BR>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
--=3D=3D Initializing Snort =3D=3D--<BR>&gt;Initializing Output =
Plugins!<BR>&gt;Decoding=20
Ethernet on interface eth0<BR>&gt;Initializing=20
Preprocessors!<BR>&gt;Initializing Plug-ins!<BR>&gt;Parsing Rules
file=20
/etc/snort/snort.conf<BR>&gt;<BR>&gt;+++++++++++++++++++++++++++++++++++
+=
+++++++++++++++<BR>&gt;Initializing=20
rule chains...<BR>&gt;database: compiled support for ( MySQL =
)<BR>&gt;database:=20
configured to use=20
MySQL<BR>&gt;database:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n
b=
sp;=20
user =3D snort<BR>&gt;database: database name =3D=20
snort<BR>&gt;database:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n
b=
sp;=20
host =3D localhost<BR>&gt;database:&nbsp;&nbsp; sensor name =3D=20
192.168.1.100<BR>&gt;ERROR: database: MySQL_error: Access denied for =
user: <A=20
title=3D"mailto:'snort@localhost'"=20
href=3D"mailto:'snort@localhost'";>'snort@localhost'</A>=20
<BR>&gt;(Using<BR>&gt;password: NO)<BR>&gt;Fatal Error,=20
Quitting..<BR>&gt;=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D<BR>&gt;<BR>&gt;<BR>&gt;snort.conf=20
has the following=20
entry:<BR>&gt;<BR>&gt;=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3
D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D<BR>&gt;output=20
database: log, MySQL, user=3Dsnort, password=3D********
dbname=3Dsnort=20
<BR>&gt;host=3Dlocalhost=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D<BR>&gt;<BR>&gt;<BR>&gt;MySQL=20
was setup using this line for=20
snort:<BR>&gt;<BR>&gt;=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3
D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D<BR>&gt;grant=20
INSERT,SELECT on root.* to <A title=3Dmailto:snort@localhost=20
href=3D"mailto:snort@localhost";>snort@localhost</A>; SET PASSWORD FOR=20
<BR>&gt;snort@localhost=3DPASSOWRD('********');<BR>&gt;grant=20
CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to <A =
title=3Dmailto:snort@localhost=20
href=3D"mailto:snort@localhost";>snort@localhost</A>; <BR>&gt;grant=20
CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;=20
<BR>&gt;=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=
=3D=3D=3D=3D<BR>&gt;<BR>&gt;This=20
was a step by step guide I had followed to set this up.&nbsp; I'm =
<BR>&gt;hoping=20
someone might be able to see what I'm missing.&nbsp; =
Thnx<BR>&gt;<BR>&gt;&nbsp;=20
<BR>&gt;<BR><BR><BR><BR>------------------------------------------------
-=
------<BR>This=20
SF.Net email is sponsored by BEA Weblogic Workshop FREE Java =
Enterprise<BR>J2EE=20
developer tools!<BR>Get your free copy of BEA WebLogic Workshop 8.1 =
today.<BR><A=20
title=3Dhttp://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3D
c=
lick=20
href=3D"http://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3D
c=
lick">http://ads.osdn.com/?ad_id=3D5047&amp;alloc_id=3D10808&amp;op=3Dcl
i=
ck</A><BR>_______________________________________________<BR>Snort-users
=

mailing list<BR><A title=3Dmailto:Snort-users () lists sourceforge net=20
href=3D"mailto:Snort-users () lists sourceforge net">Snort-users () lists sour
c=
eforge.net</A><BR>Go=20
to this URL to change user options or unsubscribe:<BR><A=20
title=3Dhttps://lists.sourceforge.net/lists/listinfo/snort-users=20
href=3D"https://lists.sourceforge.net/lists/listinfo/snort-users";>https:
/=
/lists.sourceforge.net/lists/listinfo/snort-users</A><BR>Snort-users=20
list archive:<BR><A=20
title=3Dhttp://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users=20
href=3D"http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users";>http
:=
//www.geocrawler.com/redir-sf.php3?list=3Dsnort-users</A><BR><BR><BR><BR
=
--__--__--

Message: 6
From: "Patrick S. Harper" <patrick () internetsecurityguru com>
To: "'Michael Steele'" <michaels () winsnort com>,
   <snort-users () lists sourceforge net>,
   "'Robert Spangler'" <bms () zoominternet net>
Subject: RE: [Snort-users] Snort and MySQL
Date: Sun, 29 Aug 2004 16:09:55 -0500

It looks like for some reason he did not give it a password in the conf
file.  The "using password: NO" is the tip off I believe.  As well as the
other output, it should look like the following.  Notice the "Database:
password is set".  He does not get that, but the other error at the end
about using no password..

What does your output line in your conf file look like?


database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = 208.14.28.12
database:     sensor id = 2
database: inconsistent cid information for sid=2
          Recovering by rolling forward the cid=35585



Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael Steele
Sent: Sunday, August 29, 2004 1:52 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort and MySQL

Looks like you have no access to the Snort database. Go back and make SURE
you can access the database with the credentials that you have in the
snort.conf file on the MySQL output database line.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin () lists sourceforge net [mailto:snort-users-
> admin () lists sourceforge net] On Behalf Of Robert Spangler
> Sent: Sunday, August 29, 2004 10:35 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Snort and MySQL
>
> Hello,
>
> I seem to be having a problem setting up snort to use MySQL database.
>
> When I run 'snort -c /etc/snort/snort.conf'  I get the following:
>
> ===================================================
> Running in IDS mode
> Log directory = /var/log/snort
>
> Initializing Network Interface eth0
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file /etc/snort/snort.conf
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> database: compiled support for ( MySQL )
> database: configured to use MySQL
> database:          user = snort
> database: database name = snort
> database:          host = localhost
> database:   sensor name = 192.168.1.100
> ERROR: database: MySQL_error: Access denied for user: 'snort@localhost'
> (Using
> password: NO)
> Fatal Error, Quitting..
> ===================================================
>
>
> snort.conf has the following entry:
>
> ===================================================
> output database: log, MySQL, user=snort, password=********
> dbname=snort host=localhost
> ===================================================
>
>
> MySQL was setup using this line for snort:
>
> ===================================================
> grant INSERT,SELECT on root.* to snort@localhost; SET PASSWORD FOR
> snort@localhost=PASSOWRD('********');
> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to
> snort@localhost; grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.*
> to snort;
> ===================================================
>
> This was a step by step guide I had followed to set this up.  I'm
> hoping someone might be able to see what I'm missing.  Thnx
>
> --
>
> Regards
> Robert
>
> Smile.....  It increases your face value.
--__--__--

Message: 7
From: Juan Fernandez <Juan.Fernandez () deltathree com>
To: "'snort-users () lists sourceforge net'"
<snort-users () lists sourceforge net>
Date: Mon, 30 Aug 2004 02:02:19 +0300
Subject: [Snort-users] :  setup postfix please help !!!!!!!!!!1

Hi guys,

Can someone please send to me his/her main.cf file so I can take it as an
example to config my postfix on my snort sensors?

I can't configure it alone, I messed up my main.cf file..

Please help...

All I need to configure is that the sensors will pass the mails to my
internal exchange server to my mailbox...

Please help !!!

Thanks !!!


--__--__--

Message: 8
From: "Andy" <andy () page55 com>
To: <snort-users () lists sourceforge net>
Date: Sun, 29 Aug 2004 18:22:48 -0500
Subject: [Snort-users] glibc dependency errors installing snort

Hi,
I'm having problems installing snort, I'm getting glibc dependency errors.
I'm running RedHat 7.3, trying to install snort-2.1.3-1.i386.rpm

I can't find a newer version of glibc other than 2.2.5 and really don't know
what I'm doing anyway.

Am I having these problems because I'm running RH 7.3? Does snort 2.1.3-1
run on RH 7.3?

Should I be installing a different package?

[root@tunes snort]# rpm -ivh [root@tunes snort]# rpm -ivh
snort-2.1.3-1.i386.rpm
error: failed dependencies:
        libc.so.6(GLIBC_2.3)   is needed by snort-2.1.3-1

totally new to this, hope you can help.

Thanks,
Andy






--__--__--

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest






_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
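
The check described in Message 6 of the digest (look for "database: password is set" in the startup banner, and for "Using password: NO" in the MySQL error) can be scripted. The following is an added example, not code from the thread or from Snort; the function names and the snort.conf fragment are assumptions, and the two banners are the ones quoted in the thread.

```python
import re

# Startup banners as quoted in the thread (separator rows and non-database
# lines left out): Patrick's working sensor and Robert's failing one.
WORKING = """\
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = 208.14.28.12
database:     sensor id = 2
"""
FAILING = """\
database: compiled support for ( MySQL )
database: configured to use MySQL
database:          user = snort
database: database name = snort
database:          host = localhost
database:   sensor name = 192.168.1.100
ERROR: database: MySQL_error: Access denied for user: 'snort@localhost'
(Using
password: NO)
Fatal Error, Quitting..
"""
# Constructed snort.conf fragment (assumption); CHANGEME is a placeholder.
SAMPLE_CONF = r"""# database logging
output database: log, mysql, user=snort password=CHANGEME \
    dbname=snort host=localhost
"""

FIELD = re.compile(
    r"^database:\s+(user|database name|host|sensor name)\s*=\s*(\S+)", re.M)
DENIED = re.compile(
    r"Access denied for user:\s*'([^']+)'\s*\(Using\s+password:\s*(YES|NO)\)")


def diagnose(startup_output):
    """Summarise what the database output plugin reported at startup."""
    fields = dict(FIELD.findall(startup_output))
    password_set = re.search(
        r"^database:\s+password is set\s*$", startup_output, re.M) is not None
    denied = DENIED.search(startup_output)
    if denied and denied.group(2) == "NO":
        verdict = "no password sent: check password= on the output database line"
    elif denied:
        verdict = "password sent but rejected: check the MySQL account and grants"
    elif password_set:
        verdict = "ok"
    else:
        verdict = "no password parsed: the connection will be tried without one"
    return {"fields": fields, "password_set": password_set,
            "denied_user": denied.group(1) if denied else None,
            "verdict": verdict}


def conf_params(conf_text):
    """Parameter names on each 'output database:' line; values are not kept."""
    logical = re.sub(r"\\\r?\n", " ", conf_text)  # join backslash continuations
    found = []
    for line in logical.splitlines():
        line = line.strip()
        if line.startswith("#") or not line.startswith("output database:"):
            continue
        found.append(set(re.findall(r"(\w+)\s*=", line.split(":", 1)[1])))
    return found
```

If `conf_params` lists `password` but `diagnose` reports `password_set` as False for the same sensor, the parameter is in the file but was not picked up when the line was parsed.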


Current thread: