[Snort-users] Newbie setup question
lucretia at ...2281...
Sat Jun 16 10:19:04 EDT 2001
I have a bit of a newbie question. The documentation seems to need a rewrite
since it's unable to answer my questions, and I've noticed that it's a
common question with many other people trying to install this. I see where
the problem is, but I don't know how to fix it.
Using Michael Steele's Document I tried to follow his instructions for
installing snort. I'm not sure of the advantages of using a SQL database in
this fashion (if anyone can explain the benefits vs tcpdumps I'd be
interested in hearing) so I wanted to try it out. I'm realizing MySQL may
require a bit more knowledge and familiarity than I have.
Snort was working fine, and has been for 3 months. I have taken notes of
the steps I have taken so far to install Snort according to this document,
and I will include it here, so you can see where Michael's steps worked, and
where they failed for me:
Installing Snort according to Michael Steele of SiliconDefense.com
Ok, before starting process, currently have snort running and logging in
tcpdump format.
Downloaded all components as required.
Installed MySQL according to the instructions. NOTE: Had a problem with
the syntax of one of the parameters it required according to the MySQL
- Enter the following query in the Query screen:
GRANT ALL PRIVILEGES ON *.* to 'user name'@localhost identified by
'password' with grant option
and click on the small green '>' on the top of the query screen.
This did not work at all. Syntax errors on "." What is this parameter
supposed to be? I'm assuming this will haunt me later.
Continued with set up of MySQL....
Finished MySQL setup and running as noted.
Created MySQL database for snort logs as directed ok.
Snort was already installed so the next section was skipped.
However, at this point I had to go back to the internet to download the
SNORT1.7 source as the create_mysql was not included with prior
installations. This would have been nice to know first (this is the third
fetch of zip files, perhaps an archive with these files could be included in
the MySQL binaries, and reduce the amount of fetching for files required?)
WinPcap was already installed so the next section was skipped.
Testing Snort is where it broke completely.
First test: At this point I got complaints that snort was not compiled with
Second test: Ok, extracted the proper binary and installed it manually. Ok
now it supports mysql, but a config error in the output module in snort.conf
was broken and needed to be fixed. Done.
Third test: ok, now we have a strange error that needs to be interpreted:
mysql_error: Access denied for user: '@MACH01' to database 'snort'
Looks like the user name isn't being passed, and my guess is the haunt has
come back to haunt me.
Thanks in advance!!
----- James Friesen - Integration Specialist
Lucretia Enterprises - info at ...2282...
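
The GRANT quoted in the message gives one account every privilege on every database, plus the right to pass them on. As an added example (not part of the original post or of the install document it follows), here is a narrower setup for a Snort logging account. The account name `snort_sensor`, the passwords, and the INSERT/SELECT privilege set are assumptions; the database name `snort` and the host `MACH01` are taken from the error message above.

```sql
-- Added example. Assumes a MySQL server that accepts GRANT ... IDENTIFIED BY
-- (the form used in the message) and an existing database named 'snort'.
-- 'snort_sensor' and the passwords are placeholders, not values from the post.

-- 1. Logging account limited to the snort database. INSERT and SELECT are
--    assumed to be enough for a sensor that only writes events and looks up
--    rows it has already written. No WITH GRANT OPTION, no *.* scope.
GRANT INSERT, SELECT ON snort.*
    TO 'snort_sensor'@'localhost'
    IDENTIFIED BY 'CHANGE_ME_sensor';

-- 2. MySQL matches an account on user AND host. The error in the message
--    names the host 'MACH01', so a client that the server sees under that
--    name needs its own entry.
GRANT INSERT, SELECT ON snort.*
    TO 'snort_sensor'@'MACH01'
    IDENTIFIED BY 'CHANGE_ME_sensor';

-- 3. Confirm what the account can actually do.
SHOW GRANTS FOR 'snort_sensor'@'localhost';
SHOW GRANTS FOR 'snort_sensor'@'MACH01';

-- 4. List anonymous accounts (empty User column). A connection that sends
--    no user name, as in "Access denied for user: '@MACH01'", is matched
--    against these entries rather than against a named account.
SELECT User, Host FROM mysql.user WHERE User = '';

-- 5. The same account name then goes in the database output line of
--    snort.conf, for example:
--    output database: log, mysql, user=snort_sensor password=CHANGE_ME_sensor dbname=snort host=localhost
```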