Snort mailing list archives
RE: Snort and MySQL
From: "Harper, Patrick" <Patrick.Harper () phns com>
Date: Wed, 9 Feb 2005 08:42:16 -0600
If you just made the change, yes, restart it. Have you set up the user snort with the password of snort (or whatever is in your snort.conf) in mysql yet? Have you set your permissions and tables too?

-----Original Message-----
From: sEc nErD [mailto:umkcguy1978 () yahoo com]
Sent: Tuesday, February 08, 2005 8:06 PM
To: Robert Spangler; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort and MySQL

OK, below are the details of what's up with my snort... It is having all alerts in /var/log/snort/alert file but just that nothing in mysql database. One thing happened was mysql was not running, then I started mysqld from init.d. Since I started it after I was running snort, do I need to stop and restart snort so that it connects to the database? If yes, what would be the command for that?

[root@localhost snort]# ps -ef| grep snort
snort 1791 1 0 08:42 ? 00:00:46 /usr/sbin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
[root@localhost snort]# ps -ef| grep mysql
root 2029 1 0 08:42 ? 00:00:00 /bin/sh /usr/bin/safe_mysqld --defaults-file=/etc/my.cnf
mysql 2053 2029 0 08:42 ? 00:00:00 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking

Line in my snort.conf that I have uncommented:

output database: log, mysql, user=snort password=snort dbname=snort host=localhost

Output from /var/log/messages:

Feb 8 14:49:48 localhost sshd(pam_unix)[3049]: session opened for user root by (uid=0)
Feb 8 15:15:30 localhost mysqld: Starting MySQL: succeeded
Feb 8 16:32:24 localhost kernel: UDF-fs: No VRS found
Feb 8 16:33:59 localhost sshd(pam_unix)[2894]: session closed for user root
Feb 8 16:34:01 localhost sshd(pam_unix)[3049]: session closed for user root
Feb 8 16:34:47 localhost sshd(pam_unix)[3290]: session opened for user root by (uid=0)
Feb 8 16:58:15 localhost sshd(pam_unix)[3375]: session opened for user root by (uid=0)
Feb 8 17:06:49 localhost sshd(pam_unix)[3290]: session closed for user root
Feb 8 17:06:54 localhost sshd(pam_unix)[3375]: session closed for user root
Feb 8 19:56:25 localhost sshd(pam_unix)[3552]: session opened for user root by (uid=0)

--- Robert Spangler <bms () zoominternet net> wrote:
On Sun August 29 2004 13:35, Robert Spangler wrote:

I seem to be having a problem setting up snort to use MySQL database.

I had an error in my snort.conf file

snort.conf has the following entry:

===================================================
output database: log, MySQL, user=snort,
password=******** dbname=snort
host=localhost
===================================================

The above was placed in the wrong area of the config. When this was corrected snort seemed to run without any problems.

NOW I don't think things are running correctly. I run a scan against my machine using CIS and it does its reporting but I never see anything in ACID or OpenAanval.

I used the following quick setup guide written by Patrick Harper at http://www.internetsecurityguru.com/

--
Regards
Robert

Smile..... It increases your face value.
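Added example, not part of the original thread: a Python check of the two artifacts posted in the message above, the uncommented "output database:" line and the snort command line from ps. It assumes Snort 2.x behaviour, which the thread does not state, where -A and -b on the command line take precedence over alert and log output plugins in snort.conf; the inputs are constructed from the values quoted in the message and the function names are illustrative.

```python
import re
import shlex

# Constructed inputs modelled on the thread: the conf line and the ps output.
SNORT_CONF = """\
# output database: alert, postgresql, user=snort dbname=snort
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
"""
SNORT_CMDLINE = ("/usr/sbin/snort -A fast -b -d -D -i eth0 -u snort -g snort "
                 "-c /etc/snort/snort.conf -l /var/log/snort")

DIRECTIVE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,\s*(.+)$")

def parse_db_outputs(conf_text):
    """Return one dict per active (uncommented) 'output database:' line."""
    outputs = []
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)  # lines starting with '#' do not match
        if m:
            facility, dbtype, rest = m.groups()
            params = dict(p.split("=", 1) for p in rest.split() if "=" in p)
            outputs.append({"facility": facility.lower(),
                            "dbtype": dbtype.lower(), "params": params})
    return outputs

def overridden_facilities(cmdline):
    # Assumption (Snort 2.x behaviour, not stated in the thread): -A replaces
    # conf-file alert plugins, -b replaces log plugins. Bundled flags (-bd)
    # are not recognised by this simple token check.
    args = shlex.split(cmdline)
    return {fac for flag, fac in (("-A", "alert"), ("-b", "log")) if flag in args}

def findings(conf_text, cmdline):
    """List reasons the database may stay empty, plus a credential check."""
    outputs = parse_db_outputs(conf_text)
    notes = [] if outputs else ["no active 'output database:' line"]
    overridden = overridden_facilities(cmdline)
    for out in outputs:
        p = out["params"]
        missing = [k for k in ("user", "dbname", "host") if k not in p]
        if missing:
            notes.append("missing parameters: " + ", ".join(missing))
        if out["facility"] in overridden:
            notes.append(out["facility"] + " plugin overridden by command line")
        if p.get("password") and p.get("password") == p.get("user"):
            notes.append("password equals user name")
    return notes

print("\n".join(findings(SNORT_CONF, SNORT_CMDLINE)))
```

A clean result here only covers the Snort side; the MySQL account, its grants and the schema tables asked about in the reply still have to be checked in the database itself.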
Current thread:
- Re: Snort and MySQL sEc nErD (Feb 08)
- Re: Snort and MySQL James Riden (Feb 08)
- <Possible follow-ups>
- RE: Snort and MySQL Harper, Patrick (Feb 09)
- RE: Snort and MySQL sEc nErD (Feb 09)
- RE: Snort and MySQL Joshua Berry (Feb 09)
- RE: Snort and MySQL sEc nErD (Feb 10)