[Snort-sigs] Re: [Snort-users] snort-mysql will not start

CasperLinux CasperLinux at ...1143...
Wed Feb 8 15:44:03 EST 2006


On Wednesday 08 February 2006 09:03, you wrote:
> Could you post some actual responses and error's?

FATAL ERROR: Undefined variable name: (/etc/snort/snort.conf:508)

That line is defined in my post yesterday.
>
> First thing would be to check the (OLD PASSWORD) issue with < 4.x versions
> vs. > 4.1 versions.
>
> Ensure the user is set up on the right host.  Patrick alluded to checking
> this so I won't repeat him.

I can use the same user/password on the host (only one box) via mysql; login 
and confirm the user is able to view.  I get the same results if I change to 
root for mysql as well.  PUtting it into the configuration will not work.
>
> Most of the troubles I have is ensuring the account has permissions to the
> database on the correct host.
>
> Steps should be.
> ----------------
> Create database and build.
>
> Create user on appropriate hosts.
>
> Add permissions to database for user.  Ensuring correct host info also.
>
> Verify it.
>

The one I did out of order was build the database.  I had the database 
created, added the user, added permissions verified he could access the 
database then ran the snort-mysql setup since that asked for the user 
information during setup.  Same steps I did last time I installed but for 
some reason this time I can't get it to work.

If I hadn't promised myself to stop uninstalling and reinstalling (M$ trained 
- sorry) I'd simply try to wipe this out and start again.  I may have to 
anyway I guess.  

Thanks

Don
>
>
> Cheers,
>
> James Friesen, CIO
>
> Lucretia Enterprises
> "Our World Is Here..."
> Info at lucretia dot ca
> http://lucretia.ca
>
> > -----Original Message-----
> > From: CasperLinux [mailto:CasperLinux at ...1143...]
> > Sent: Tuesday, February 07, 2006 7:06 PM
> > To: snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] snort-mysql will not start
> >
> > On Sunday 22 January 2006 18:23, DonM wrote:
> > I offer myself up for public humiliation but I'm at my wits
> > end (short run I know).
> >
> > I had a problem with my box and had to rebuild. This time I
> > stuck with Debian Testing to avoid my problem.  Now I'm
> > reinstalling snort-mysql again and even though I fixed this
> > once I'm in the same position AGAIN!.
> >
> > > I am running Debian unstable and added the snort-mysql
> >
> > package.  This
> >
> > > installed snort and mysql (5.0).  I've added EMS software's Mysql
> > > Manager
> > > (trial) to control access to the databases.
> > >
> > > I added a database called snort to mysql and then
> >
> > configured snort to
> >
> > > point to this database and configured the database
> >
> > structure via the
> >
> > > supplied file.
> > >
> > > I verified (via MySQL Manager) that the structure exists
> >
> > where it was
> >
> > > not there before.
> > >
> > > However, everytime I attmept to start snort I get the
> >
> > following error:
> > > FATAL ERROR: Undefined variable name:
> >
> > (/etc/snort/snort.conf:508):  I
> >
> > > checked the internet and can find not exact matches to this problem.
> >
> > This is the line that is bad according to the error message:
> >
> > output database: log, mysql, user=xxxxxxxxxx password=xxxxxx
> > dbname=snort host=[name of box]
> >
> > I have verified the username and password are correct by
> > loggin in using mysql and it works properly.  I have verified
> > that the structure is present.  I tried changing the host to
> > 127.0.0.1 (which is the onlyl way I can get mySQL-Manager to
> > connect and to localhost - all without any luck.
> >
> > I'm stuck.  The joke on me is I fixed this last time but
> > didn't write down what I did :(
> >
> > Be gentle please.
> >
> > Don
> > --
> > - Powered by Debian Linux -
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep
> > through log files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.
> > DOWNLOAD SPLUNK!
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&
> > dat=121642
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
- Powered by Debian Linux - 




More information about the Snort-sigs mailing list