Snort mailing list archives
RE: RE: RE: Remote Mysql
From: "Snort" <Snort () InterCept Net>
Date: Mon, 21 Mar 2005 12:32:02 -0500
On your database, you will need to add login access from your sensor IP address. Here is the mysql sql commands to add a user to your db http://dev.mysql.com/doc/mysql/en/adding-users.html here is a typical strings for IDS agents GRANT SELECT,INSERT,UPDATE ON snort.* TO idsagent@'%' IDENTIFIED BY 'some_pass'; The % in idsagent@%, says connections can be made from anywhere using this account. Or you can specify your host in subsitution Michael Brown _____ From: Salil D. [mailto:salildumbre () rediffmail com] Posted At: Saturday, March 19, 2005 4:11 AM Posted To: Snort Conversation: RE: RE: [Snort-users] Remote Mysql Subject: Re: RE: RE: [Snort-users] Remote Mysql Thanks Michael, The compilation was quite fine. but I am facing these problems database: compiled support for ( mysql ) database: configured to use mysql database: user = root database: database name = snort database: host = 192.168.1.59 database: sensor name = 203.109.100.153 ERROR: database: mysql_error: Access denied for user: '@192.168.1.20' to database 'snort' Fatal Error, Quitting.. Kindly let me know of the required actions. Thanks, Salil. On Fri, 18 Mar 2005 Snort wrote :
You just need the mysql libs, so yes, compile snort with the -mysql and it will find the mysql libs if you have them in the default location. Otherwise you may have to specify the location. As a suggestion, to be
a
little bit more secure, I would run stunnel between the 2 devices and let mysql run on top of that. Thanks, Michael Brown _____ From: Salil D. [mailto:salildumbre () rediffmail com] Posted At: Friday, March 18, 2005 12:27 AM Posted To: Snort Conversation: RE: [Snort-users] Remote Mysql Subject: Re: RE: [Snort-users] Remote Mysql Hello Michael, I am installing snort on proxy and mysql on other host I probably need mysql client to run on the snort host any ideas ? Regards, Salil D. On Fri, 18 Mar 2005 Snort wrote :Not necessary if you already have mysql compiled in, just change itfromlocalhost to the remote host IP address output database: alert, mysql, user=unhuh dbname=IDS
sensor_name=pffft
sid=11 password=freewilly host=10.0.0.1 Thanks, Michael Brown _____ From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Salil
D.
Posted At: Thursday, March 17, 2005 7:39 AM Posted To: Snort Conversation: [Snort-users] Remote Mysql Subject: [Snort-users] Remote Mysql Hello there, I was able to run snort with mysql both on same host I want to configure snort with mysql on remote machine what should be used with ./configure --with-mysql=????????? Thanks to all Salil. <http://clients.rediff.com/signature/track_sig.asp><http://clients.rediff.com/signature/track_sig.asp>
<http://clients.rediff.com/signature/track_sig.asp>
Current thread:
- Remote Mysql Salil D. (Mar 17)
- Re: Remote Mysql Jose Maria Lopez Hernandez (Mar 17)
- <Possible follow-ups>
- RE: Remote Mysql Snort (Mar 17)
- RE: RE: Remote Mysql Snort (Mar 18)
- RE: RE: RE: Remote Mysql Snort (Mar 21)