Snort mailing list archives

Re: Snort and SQL on PFsense


From: Josh Bitto <jbitto () onlineschool ca>
Date: Fri, 1 Feb 2013 11:00:01 -0800

Ok, I got it communicating with my SQL database... I had to use 127.0.0.1 instead of the other IP address.

Now everything works; the only thing that I'm not getting is data...

I have copied and pasted the barnyard2 schema example and put it into the schema for my database... The forums for pfsense say to do that... I still don't get any data though.




-----Original Message-----
From: Jeremy Hoel [mailto:jthoel () gmail com] 
Sent: Friday, February 01, 2013 9:55 AM
To: Josh Bitto
Cc: Snort Users
Subject: Re: [Snort-users] Snort and SQL on PFsense

You need to make sure on the sql server you give permissions for the user 'root' to connect from the remote IP 
(assuming your sql server is not on the same server as snort/barnyard?)

If they are on the same server, then make the host localhost and not an ip.

And you should, as a good practice, not use the root user for the DB updates. Make a new user, and give that user permissions on the db.

On Fri, Feb 1, 2013 at 4:39 PM, Josh Bitto <jbitto () onlineschool ca> wrote:
Ok... So I got the sql database setup and then in the barnyard tab I put

output database: alert, mysql, dbname=SnortDB user=root host= 
192.168.125.10 password=******

Is this right?

Cause when I run it in the log files it gives a fatal error...

FATAL ERROR: database: ;mysql_error: Can't connect to MySQL server on 
192.168.125.10' (61)





-----Original Message-----
From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, January 31, 2013 2:39 PM
To: Josh Bitto
Cc: Snort Users
Subject: Re: [Snort-users] Snort and SQL on PFsense

Barnyard2 is the tool that is used to send snort alerts to sql.

Snort doesn't do anything else with logs.

On Thu, Jan 31, 2013 at 9:56 PM, Josh Bitto <jbitto () onlineschool ca> wrote:
Has anyone had any experience setting up Snort to copy log files to mysql or an sql server? We're using snort on 
pfsense so it wouldn't be a regular distro that I would be running snort on.
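
The thread's advice to stop using root and to match the account to the host barnyard2 connects from can be written out as follows. This is an added example, not code from any poster or from the barnyard2 project; the account name `barnyard2`, the placeholder password, the sensor address 192.0.2.10 and the privilege list are assumptions to adjust after testing.

```sql
-- Added example: dedicated, least-privilege MySQL account for barnyard2.
-- Assumed names/values: account 'barnyard2', placeholder password,
-- sensor address 192.0.2.10 (constructed), privilege list below.
-- SnortDB is the database name used in the thread.

-- Case 1: barnyard2 and MySQL run on the same machine.
-- MySQL accounts are user@host pairs, so cover both the socket name
-- and the loopback address that barnyard2 may connect from.
CREATE USER 'barnyard2'@'localhost' IDENTIFIED BY 'CHANGE_ME_long_random_value';
CREATE USER 'barnyard2'@'127.0.0.1' IDENTIFIED BY 'CHANGE_ME_long_random_value';
GRANT SELECT, INSERT, UPDATE, DELETE ON SnortDB.* TO 'barnyard2'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON SnortDB.* TO 'barnyard2'@'127.0.0.1';

-- Case 2: MySQL runs on a different machine than the sensor.
-- Bind the account to the sensor's address only, never to '%'.
CREATE USER 'barnyard2'@'192.0.2.10' IDENTIFIED BY 'CHANGE_ME_long_random_value';
GRANT SELECT, INSERT, UPDATE, DELETE ON SnortDB.* TO 'barnyard2'@'192.0.2.10';

-- Check 1: the new account holds only the grants above, on SnortDB only.
SHOW GRANTS FOR 'barnyard2'@'localhost';

-- Check 2: root must not be reachable from the network.
-- Any row returned here is a root account that accepts remote logins.
SELECT user, host
FROM mysql.user
WHERE user = 'root'
  AND host NOT IN ('localhost', '127.0.0.1', '::1');

-- Matching barnyard2 output line for Case 1 (password is a placeholder):
-- output database: alert, mysql, dbname=SnortDB user=barnyard2 host=127.0.0.1 password=CHANGE_ME_long_random_value
```

For Case 2 the MySQL server must also listen on a network interface rather than loopback only, and a host firewall rule limiting port 3306 to the sensor keeps the listener from being exposed more widely than the account is.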

