[Snort-users] ACID 0.9.5 Released

Roman Danyliw roman at ...438...
Fri Jan 19 16:15:56 EST 2001


Kevin,

On Fri, 19 Jan 2001 Kevin.Brown at ...1022... wrote:

> > I take your message as an opportunity to ask if there is space in this
> > mailing-list for discussion about daily usage of  ACID. I use it since
> > a month
> > and surely am one of your most enthoustiastic fan(s) in France !! :-)
> >
> > More seriously, I would like to expand the usage of ACID sensors to
> > build a
> > Distributed IDS for a large network (with a lot of that f*!#@* things
> > called
> > switches !! :-)).
> >
> > Does anyone here have some experience of that ?
>
> That is essentially what I'm trying to set up on my network.  Basically
> use
> the fact that snort can log it's alerts to a remote SQL server and just
> have
> all the servers send their data there.  The problem I've encountered
> with this
> is that I can get snort to log to a local db (on the same host), but for
> the
> life of me can't figure out why the remote machine is refusing the
> connection.

Are you able to login to the database with the mysql client from the
remote machine to the DB machine?  If you are unable to connect, what
kind of error message is returned.  Have you checked whether the account
you are using has permissions to login to MySQL from that host.  Mysql
uses a user at ...780... pair as the real username.  Therefore, user1 at ...274...
might work, but on another machine user1 at ...1174... will not.

cheers,
Roman





More information about the Snort-users mailing list