[Snort-users] snort-1.6.3-patch2-WIN32-mysql

Frank Reid fcreid at ...691...
Tue Oct 24 21:58:41 EDT 2000


Jed, as you know, the problem turned out to be a mis-constructed "open
database" call in the rules file.  I used commas between each parameter,
when they're only wanted for the first couple.  Again, thanks tremendously
for your help.  The community is very lucky to have folks like you willing
to take time with hand-holding, as you have mine the past couple days.
Appreciate it greatly.

Frank

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Jed Pickel
Sent: Tuesday, October 24, 2000 19:59
To: Frank Reid
Cc: Snort Users
Subject: Re: [Snort-users] snort-1.6.3-patch2-WIN32-mysql


> I would like to deploy standalone sensors that report back to a single
MySQL
> database.  I have the database working fine on a central platform (FreeBSD
> 4, Snort 1.70 Beta and MySQL 3.22).  However, when I compile/install/run
> Snort 1.70 on a remote machine, configured to report to the central
server,
> it wants to use the MySQL server running locally.  (I'd prefer not even to
> install MySQL client/server on the remote machine.)
>
> What am I missing?  I thought this would be the function of the
> "host=hostname" parameter on the locally executed Snort rules?

Hmmm.. I am not sure I understand the issue. Are you having trouble
logging to a database on a remote host? If so send me a copy of your
configuration and the messages snort displays where the problem is.

The sensor machines will not require the full mysql distro... They
will only need the mysqlclient library.

* Jed
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users





More information about the Snort-users mailing list