[Snort-users] Newbie setup question

Michael Steele michaels at ...155...
Wed Jun 20 20:01:37 EDT 2001


James,

First of all, MySQL is not easy to set up for the first-time user. You
stated you got an error (Syntax errors on ".") while configuring MySQL.
You should have stopped at that point and found the fix before
proceeding.

The line you stated that you typed to configure MySQL by no means
resembles the line in my how-to guide for installing Snort using Acid
located at:

http://www.silicondefense.com/techsupport/windows.htm

Secondly you stated this:

However, at this point I had to go back to the internet to download the
SNORT1.7 source as the create_mysql was not included with prior
installations.  This would have been nice to know first (this is the
third fetch of zip files, perhaps an archive with these files could be
included in the MySQL binaries, and reduce the amount of fetching for
files required?)

My how-to file clearly states this:

Note: Unfortunately there was no "contrib" folder supplied with version
1.7 of Snort for Win32. You will need to download the FULL source code
for Snort from http://www.snort.org and extract the "create_mysql" from
the "contrib" folder and place the "create_mysql" into the
"C:\MySQL\Bin" folder.

Thirdly you stated:

First test: At this point I got complaints that snort was not compiled
with MySQL support.

You might want to go to http://www.snort.org and download and install the
correct version of Snort that is compiled for MySQL. This will be a
binary file that was compiled with the MySQL support for Snort that is
ready to install.

You made a few mistakes and I'm sure if you slowed down and read the
how-to and didn't take things for granted that it would have been a
smooth installation.

If you go back and fix those problems I would be happy to help you get
this going.

-Mike

        Commercial Snort Support
             1.866.41.SNORT
Silicon Defense - www.silicondefense.com
Michael Steele - Snort Support Technician


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of James
Friesen
Sent: Saturday, June 16, 2001 7:19 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Newbie setup question


Hi folks. The documentation seems to need a rewrite
since it's unable to answer my questions, and I've noticed that it's a
common question with many other people trying to install this.  I see
where the problem is, but I don't know how to fix it.

Using Michael Steele's Document I tried to follow his instructions for
installing snort.  I'm not sure of the advantages of using a SQL
database in this fashion (if anyone can explain the benefits vs tcpdumps
I'd be interested in hearing) so I wanted to try it out.  I'm realizing
MySQL may require a bit more knowledge and familiarity than I have.

Snort was working fine, and has been for 3 months.  I have taken notes
of the steps I have taken so far to install Snort according to this
document, and I will include it here, so you can see where Michael's
steps worked, and where they failed for me:

Installing Snort according to Michael Steele of SiliconDefense.com

Ok, before starting process, currently have snort running and logging in
tcpdump format.
Downloaded all components as required.
Installed MySQL according to the instructions.  NOTE:  Had a problem
with the syntax of one of the parameters it required according to the
MySQL documents....

- Enter the following query in the Query screen:

    GRANT ALL PRIVILEGES ON *.* to 'user name'@localhost identified by
    'password' with grant option
   and click on the small green '>' on the top of the query screen.

This did not work at all. Syntax errors on "."  What is this parameter
supposed to be?  I'm assuming this will haunt me later.

Continued with set up of MySQL....

Finished MySQL setup and running as noted.

Created MySQL database for snort logs as directed ok.
Snort was already installed so the next section was skipped.

However, at this point I had to go back to the internet to download the
SNORT1.7 source as the create_mysql was not included with prior
installations.  This would have been nice to know first (this is the
third fetch of zip files, perhaps an archive with these files could be
included in the MySQL binaries, and reduce the amount of fetching for
files required?)

WinPcap was already installed so the next section was skipped.

Testing Snort is where it broke completely.

First test: At this point I got complaints that snort was not compiled
with MySQL support.

Second test: Ok, extracted the proper binary and installed it manually.
Ok now it supports mysql, but a config error in the output module in
snort.conf was broken and needed to be fixed.  Done.


Third test: ok, now we have a strange error that needs to be interpreted
first.

mysql_error: Access denied for user: '@MACH01' to database 'snort'

Looks like the user name isn't being passed, and my guess is the haunt
has come back to haunt me.
Thanks in advance!!
-----  James Friesen - Integration Specialist
Lucretia Enterprises - info at ...2282...
www.lucretia.ca
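
An added example, not part of either e-mail or of the how-to: checking which accounts the MySQL server knows and creating a dedicated account for the thread's "snort" database, written for a current MySQL server. The account name `snort`, the placeholder password and the privilege list are assumptions; on servers that predate `CREATE USER`, the `GRANT ... IDENTIFIED BY` form quoted in the thread creates the account in the same statement.

```sql
-- Added example. Account name, password and privilege list are
-- assumptions, not values from the thread or the how-to.

-- 1. List the accounts the server knows. MySQL matches a login on the
--    (user, host) pair, so an account defined for 'localhost' does not
--    match a connection the server sees under another host name.
--    A row with an empty user column is an anonymous account.
--    In an "Access denied for user" message, the text before the '@'
--    is the user name the server received; in the thread it is empty.
SELECT user, host FROM mysql.user ORDER BY user, host;

-- 2. Create a dedicated account for the sensor rather than reusing an
--    administrative one. Replace the placeholder password.
CREATE USER 'snort'@'localhost' IDENTIFIED BY 'CHANGE_ME_placeholder';

-- 3. Scope the grant to the snort database only. Unlike
--    GRANT ALL PRIVILEGES ON *.* ... WITH GRANT OPTION, this account
--    cannot read other databases or hand its rights to other accounts.
--    The privilege list is an assumption; widen it only if the tools
--    reading the database need more.
GRANT SELECT, INSERT, UPDATE, DELETE ON snort.* TO 'snort'@'localhost';

-- 4. Confirm what the account actually holds.
SHOW GRANTS FOR 'snort'@'localhost';
```

The same account name then has to be the one Snort's database output module in snort.conf is configured to log in with.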

