Snort mailing list archives

RE: RE: RE: Remote Mysql

From: "Snort" <Snort () InterCept Net>
Date: Mon, 21 Mar 2005 12:32:02 -0500

On your database, you will need to add login access from your sensor IP
address.

 

Here is the mysql sql commands to add a user to your db

http://dev.mysql.com/doc/mysql/en/adding-users.html

 

here is a typical strings for IDS agents

 

GRANT SELECT,INSERT,UPDATE ON snort.* TO idsagent@'%'  IDENTIFIED BY
'some_pass';
 
The % in idsagent@%, says connections can be made from anywhere using
this account.

 

Or you can specify your host in subsitution

 

Michael Brown

  _____  

From: Salil D. [mailto:salildumbre () rediffmail com] 
Posted At: Saturday, March 19, 2005 4:11 AM
Posted To: Snort
Conversation: RE: RE: [Snort-users] Remote Mysql
Subject: Re: RE: RE: [Snort-users] Remote Mysql
  


Thanks Michael,
The compilation was quite fine.
but I am facing these problems

database: compiled support for ( mysql )
database: configured to use mysql
database:          user = root
database: database name = snort
database:          host = 192.168.1.59
database:  sensor name = 203.109.100.153
ERROR: database: mysql_error: Access denied for user: '@192.168.1.20' to
database 'snort'
Fatal Error, Quitting..

Kindly let me know of the required actions.

Thanks,

Salil.


On Fri, 18 Mar 2005 Snort wrote :

You just need the mysql libs, so yes, compile snort with the -mysql and
it will find the mysql libs if you have them in the default location.
Otherwise you may have to specify the location. As a suggestion, to be

little bit more secure, I would run stunnel between the 2 devices and
let mysql run on top of that.



Thanks,

Michael Brown

 _____

From: Salil D. [mailto:salildumbre () rediffmail com]
Posted At: Friday, March 18, 2005 12:27 AM
Posted To: Snort
Conversation: RE: [Snort-users] Remote Mysql
Subject: Re: RE: [Snort-users] Remote Mysql



Hello Michael,

I am installing snort on proxy and mysql on other host
I probably need mysql client to run on the snort host
any ideas ?

Regards,
Salil D.


On Fri, 18 Mar 2005 Snort wrote :

Not necessary if you already have mysql compiled in, just change it

from

localhost to the remote host IP address

output database: alert, mysql, user=unhuh dbname=IDS

sensor_name=pffft

sid=11 password=freewilly host=10.0.0.1

Thanks,
Michael Brown
 _____

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Salil

D.

Posted At: Thursday, March 17, 2005 7:39 AM
Posted To: Snort
Conversation: [Snort-users] Remote Mysql
Subject: [Snort-users] Remote Mysql


Hello there,

I was able to run snort with mysql both on same host
I want to configure snort with mysql on remote machine

what should be used with ./configure --with-mysql=?????????


Thanks to all

Salil.


 <http://clients.rediff.com/signature/track_sig.asp>




 <http://clients.rediff.com/signature/track_sig.asp>




 <http://clients.rediff.com/signature/track_sig.asp>

Current thread:

Remote Mysql Salil D. (Mar 17)
- Re: Remote Mysql Jose Maria Lopez Hernandez (Mar 17)
- <Possible follow-ups>
- RE: Remote Mysql Snort (Mar 17)
- RE: RE: Remote Mysql Snort (Mar 18)
- RE: RE: RE: Remote Mysql Snort (Mar 21)