[Snort-users] Snort + Acid w/ MySQL question(s)

alexus ml at ...1718...
Fri May 11 22:15:29 EDT 2001


that's it! now it's working just fine! thanks a lot!

----- Original Message -----
From: <roman at ...438...>
To: "alexus" <ml at ...1718...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Friday, May 11, 2001 6:04 PM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)


> This is because you are trying to redefine the built in facility
> alert.  Scroll further down in the sample config file  until
> you find the text:
>
> # database: log to a variety of databases
> # ---------------------------------------
> # See the README.database file for more information about configuring
> # and using this plugin.
> #
> # output database: log, mysql, user=root password=test dbname=snort17 host=localhost
> # output database: log, postgresql, user=snort dbname=snort
> # output database: log, unixodbc, user=snort dbname=snort
>
> Uncomment and configure one of these database config lines.
>
> Roman
>
> > if i change ruletype from redalert to alert or to log i get this
> >
> > ......
> > Initializing rule chains...
> > ERROR line /usr/local/bin/snort.conf (215): Duplicate keyword: alert
> > su-2.04#
> >
> >
> > ----- Original Message -----
> > From: <roman at ...438...>
> > To: "alexus" <ml at ...1718...>
> > Cc: <snort-users at lists.sourceforge.net>
> > Sent: Friday, May 11, 2001 11:50 AM
> > Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)
> >
> >
> > > Do you have rules which trigger on the facility "redalert"?  The
> > > default rules typically are "alert" or "log".
> > >
> > > Roman
> > >
> > > > i used this file to create rest of tables, now all tables seem to be
> > > > in place
> > > > although there are still some strange things happening:
> > > >
> > > > when i go to http://box.nexgen.com/acid/
> > > >
> > > > i don't see anything, i mean no data, that snort should've put into
> > > > database... any ideas?
> > > >
> > > > that's part of my snort.conf about mysql db.
> > > >
> > > > ruletype redalert
> > > > {
> > > >   type alert
> > > >   output alert_syslog: LOG_AUTH LOG_ALERT
> > > >   output database: log, mysql, user=xxx dbname=xxx host=localhost password=xxx
> > > > }
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: <roman at ...438...>
> > > > To: "alexus" <ml at ...1718...>
> > > > Cc: <snort-users at lists.sourceforge.net>
> > > > Sent: Thursday, May 10, 2001 5:23 PM
> > > > Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)
> > > >
> > > >
> > > > > OK, let's avoid the automated table creation for now.  Try running
> > > > > the SQL manually (create_acid_tbls_mysql.sql)
> > > > >
> > > > > Roman
> > > > >
> > > > > > mysql> select * from user where user='alexus';
> > > > > >
> > > > > > +-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
> > > > > > | Host      | User   | Password         | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv |
> > > > > > +-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
> > > > > > | localhost | alexus | 34484ed463a66850 | Y           | Y           | N           | Y           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          |
> > > > > > +-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
> > > > > > 1 row in set (0.00 sec)
> > > > > >
> > > > > > mysql>
> > > > > >
> > > > > >
> > > > > > i copy and paste mysql output to show you that i do have all right
> > > > > > privileges
> > > > > >
> > > > > > i also upgrade acid to 0.9.6b9 (which is latest beta for today)
> > > > > >
> > > > > > it still doesn't work
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: <roman at ...438...>
> > > > > > To: "alexus" <ml at ...1718...>
> > > > > > Cc: <snort-users at lists.sourceforge.net>
> > > > > > Sent: Thursday, May 10, 2001 11:18 AM
> > > > > > Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)
> > > > > >
> > > > > >
> > > > > > > One observation:
> > > > > > >
> > > > > > > - ACID 0.9.5 does not use ADODB.  This DB abstraction was
> > > > > > > introduced in 0.9.6b2 (Jan 2001).  Hence, this addition into
> > > > > > > acid_conf.php will be ignored.
> > > > > > >
> > > > > > > Two recommendations:
> > > > > > >
> > > > > > > - are you sure that you have CREATE permissions on the DB
> > > > > > > user set in acid_conf.php?  If all else fails, try using the
> > > > > > > "create_acid_tbls_mysql.sql" to manually create the ACID
> > > > > > > tables.
> > > > > > >
> > > > > > > - upgrade to a more recent version of ACID => 0.9.6b9.  There
> > > > > > > are significant feature improvements as well as bug fixes.  If you
> > > > > > > prefer an older version, upgrade to at least 0.9.6b1 for it has
> > > > > > > a number of important bug fixes
> > > > > > >
> > > > > > > cheers,
> > > > > > > Roman
> > > > > > >
> > > > > > > > I'm using the following:
> > > > > > > >
> > > > > > > > FreeBSD 4.3 - RELEASE (STABLE)
> > > > > > > > ACID-0.9.5 - RELEASE (STABLE)
> > > > > > > > ADODB v1.0.1 - RELEASE (STABLE)
> > > > > > > > PHP - 4.0.5 - RELEASE (STABLE)
> > > > > > > > APACHE - 1.3.19 - RELEASE (STABLE)
> > > > > > > > SNORT - 1.7 - RELEASE (STABLE)
> > > > > > > >
> > > > > > > > to compile snort i used following line:
> > > > > > > > ../configure --with-mysql=/usr/local/mysql;make;make install
> > > > > > > >
> > > > > > > > i did change acid_conf.php i put path to adodb
> > > > > > > >
> > > > > > > > in adodb
> > > > > > > >
> > > > > > > > i put local path in adodb.inc.php
> > > > > > > >
> > > > > > > > when i go to http://localhost/acid it redirects me to acid_main.php and when
> > > > > > > > it gets there i get this:
> > > > > > > >
> > > > > > > > The underlying database alexus at ...274... apears to be invalid.
> > > > > > > >
> > > > > > > > The database version is valid, but the ACID DB structure (table: acid_ag) is
> > > > > > > > not present. Use the Setup page to configure and optimize the DB
> > > > > > > >
> > > > > > > > when i click on "Setup page"
> > > > > > > >
> > > > > > > > in status window i get "DONE" for "Search Indexes" and i have "Create ACID
> > > > > > > > AG" for "ACID tables" i'm assuming i need to click on "Create ACID AG", when
> > > > > > > > I do that nothing happens, it won't disappear or it won't change status to
> > > > > > > > "DONE".. what am i missing?
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Snort-users mailing list
> > > > > > > > Snort-users at lists.sourceforge.net
> > > > > > > > Go to this URL to change user options or unsubscribe:
> > > > > > > > http://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > > > > Snort-users list archive:
> > > > > > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ---------------------------------------------
> > > > > > > This message was sent using Voicenet WebMail.
> > > > > > >       http://www.voicenet.com/webmail/
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > ---------------------------------------------
> > > > > This message was sent using Voicenet WebMail.
> > > > >       http://www.voicenet.com/webmail/
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users at lists.sourceforge.net
> > > > Go to this URL to change user options or unsubscribe:
> > > > http://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > >
> > >
> > >
> > >
> > > ---------------------------------------------
> > > This message was sent using Voicenet WebMail.
> > >       http://www.voicenet.com/webmail/
> > >
> > >
> > >
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
>
>
> ---------------------------------------------
> This message was sent using Voicenet WebMail.
>       http://www.voicenet.com/webmail/
>
>
>
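
The two mistakes worked through in this thread (database output placed inside a custom ruletype that no rule uses, then renaming that ruletype to a built-in action) can be checked mechanically before starting the sensor. The sketch below is an added example, not code from Snort, ACID or the posters; `lint`, `SAMPLE_CONF` and the sample rules are hypothetical names and constructed input, and the parser only handles the simple line layout quoted in the thread.

```python
import re

# Built-in Snort rule actions; a custom ruletype must not reuse these names.
BUILTIN_ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}

# Constructed sample: the ruletype block quoted in the thread plus two
# constructed rules that use only the default actions.
SAMPLE_CONF = """\
ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=xxx dbname=xxx host=localhost password=xxx
}
alert tcp any any -> any 80 (msg:"constructed sample rule";)
log udp any any -> any 53 (msg:"constructed sample rule";)
"""

def lint(conf_text):
    """Return findings for the ruletype/output mistakes seen in the thread."""
    findings = []
    ruletypes = {}        # custom ruletype name -> output lines inside its block
    used_actions = set()  # first word of every rule found outside a block
    global_outputs = []   # output lines that apply to the default actions
    current = None        # ruletype block currently being read, if any
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"ruletype\s+(\S+)", line)
        if m:
            current = m.group(1)
            ruletypes[current] = []
        elif line == "}":
            current = None
        elif line.startswith("output "):
            (ruletypes[current] if current else global_outputs).append(line)
        elif current is None and "(" in line:
            used_actions.add(line.split()[0])
    for name, outputs in ruletypes.items():
        if name in BUILTIN_ACTIONS:
            findings.append(f"ruletype '{name}' redefines a built-in action")
        elif name not in used_actions:
            findings.append(f"no rule uses ruletype '{name}'; "
                            f"its {len(outputs)} output(s) never fire")
    if not any(o.startswith("output database:") for o in global_outputs):
        findings.append("no global 'output database:' line")
    return findings
```

Run against the real snort.conf with its included rule files concatenated, an empty result means the database output is attached to actions that rules actually use.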




