[Snort-users] Snort + Acid w/ MySQL question(s)

alexus ml at ...1718...
Sat May 12 00:54:45 EDT 2001


I'm running acid-0.9.6b9; this is the latest.

----- Original Message -----
From: <roman at ...438...>
To: "alexus" <ml at ...1718...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Friday, May 11, 2001 6:31 PM
Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)


> What version of ACID are you running?  If you are not running
> 0.9.6b9, try upgrading.
>
> Roman
>
> > although couple thing still remaining/bothering me
> >
> > from acid_main.php
> >
> > whenever I click on Source IP address or Dest IP address I get following
> > error:
> >
> > Database ERROR:Unknown column 'ip_src0' in 'field list'
> >
> > what am I missing now?
> >
> > ----- Original Message -----
> > From: "alexus" <ml at ...1718...>
> > To: <roman at ...438...>
> > Cc: <snort-users at lists.sourceforge.net>
> > Sent: Friday, May 11, 2001 10:15 PM
> > Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)
> >
> >
> > > that's it! now it's working just fine! thanks a lot !
> > >
> > > ----- Original Message -----
> > > From: <roman at ...438...>
> > > To: "alexus" <ml at ...1718...>
> > > Cc: <snort-users at lists.sourceforge.net>
> > > Sent: Friday, May 11, 2001 6:04 PM
> > > Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)
> > >
> > >
> > > > This is because you are trying to redefine the built in facility
> > > > alert.  Scroll further down in the sample config file  until
> > > > you find the text:
> > > >
> > > > # database: log to a variety of databases
> > > > # ---------------------------------------
> > > > # See the README.database file for more information about configuring
> > > > # and using this plugin.
> > > > #
> > > > # output database: log, mysql, user=root password=test dbname=snort17 host=localhost
> > > > # output database: log, postgresql, user=snort dbname=snort
> > > > # output database: log, unixodbc, user=snort dbname=snort
> > > >
> > > > Uncomment and configure one of these database config lines.
> > > >
> > > > Roman
> > > >
> > > > > If I change ruletype from redalert to alert or to log I get this:
> > > > >
> > > > > ......
> > > > > Initializing rule chains...
> > > > > ERROR line /usr/local/bin/snort.conf (215): Duplicate keyword: alert
> > > > > su-2.04#
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: <roman at ...438...>
> > > > > To: "alexus" <ml at ...1718...>
> > > > > Cc: <snort-users at lists.sourceforge.net>
> > > > > Sent: Friday, May 11, 2001 11:50 AM
> > > > > Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)
> > > > >
> > > > >
> > > > > > Do you have rules which trigger on the facility "redalert"?  The
> > > > > > default rules typically are "alert" or "log".
> > > > > >
> > > > > > Roman
> > > > > >
> > > > > > > I used this file to create the rest of the tables; now all tables seem to be
> > > > > > > in place, although some strange things are still happening:
> > > > > > >
> > > > > > > when i go to http://box.nexgen.com/acid/
> > > > > > >
> > > > > > > I don't see anything, I mean no data that snort should've put into the
> > > > > > > database... any ideas?
> > > > > > >
> > > > > > > That's the part of my snort.conf about the mysql db.
> > > > > > >
> > > > > > > ruletype redalert
> > > > > > > {
> > > > > > >   type alert
> > > > > > >   output alert_syslog: LOG_AUTH LOG_ALERT
> > > > > > >   output database: log, mysql, user=xxx dbname=xxx host=localhost password=xxx
> > > > > > > }
> > > > > > >
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: <roman at ...438...>
> > > > > > > To: "alexus" <ml at ...1718...>
> > > > > > > Cc: <snort-users at lists.sourceforge.net>
> > > > > > > Sent: Thursday, May 10, 2001 5:23 PM
> > > > > > > Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)
> > > > > > >
> > > > > > >
> > > > > > > > OK, let's avoid the automated table creation for now.  Try running
> > > > > > > > the SQL manually (create_acid_tbls_mysql.sql)
> > > > > > > >
> > > > > > > > Roman
> > > > > > > >
> > > > > > > > > mysql> select * from user where user='alexus';
> > > > > > > > >
> > > > > > > > > +-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
> > > > > > > > > | Host      | User   | Password         | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv |
> > > > > > > > > +-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
> > > > > > > > > | localhost | alexus | 34484ed463a66850 | Y           | Y           | N           | Y           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          |
> > > > > > > > > +-----------+--------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
> > > > > > > > > 1 row in set (0.00 sec)
> > > > > > > > >
> > > > > > > > > mysql>
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > I copied and pasted the mysql output to show you that I do have all the right
> > > > > > > > > privileges.
> > > > > > > > >
> > > > > > > > > I also upgraded acid to 0.9.6b9 (which is the latest beta for today).
> > > > > > > > >
> > > > > > > > > It still doesn't work.
> > > > > > > > >
> > > > > > > > > ----- Original Message -----
> > > > > > > > > From: <roman at ...438...>
> > > > > > > > > To: "alexus" <ml at ...1718...>
> > > > > > > > > Cc: <snort-users at lists.sourceforge.net>
> > > > > > > > > Sent: Thursday, May 10, 2001 11:18 AM
> > > > > > > > > Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > One observation:
> > > > > > > > > >
> > > > > > > > > > - ACID 0.9.5 does not use ADODB.  This DB abstraction was
> > > > > > > > > > introduced in 0.9.6b2 (Jan 2001).  Hence, this addition into
> > > > > > > > > > acid_conf.php will be ignored.
> > > > > > > > > >
> > > > > > > > > > Two recommendations:
> > > > > > > > > >
> > > > > > > > > > - are you sure that you have CREATE permissions on the DB
> > > > > > > > > > user set in acid_conf.php?  If all else fails, try using the
> > > > > > > > > > "create_acid_tbls_mysql.sql" to manually create the ACID
> > > > > > > > > > tables.
> > > > > > > > > >
> > > > > > > > > > - upgrade to a more recent version of ACID => 0.9.6b9.  There
> > > > > > > > > > are significant feature improvements as well as bug fixes.  If you
> > > > > > > > > > prefer an older version, upgrade to at least 0.9.6b1 for it has
> > > > > > > > > > a number of important bug fixes
> > > > > > > > > >
> > > > > > > > > > cheers,
> > > > > > > > > > Roman
> > > > > > > > > >
> > > > > > > > > > > I'm using the following:
> > > > > > > > > > >
> > > > > > > > > > > FreeBSD 4.3 - RELEASE (STABLE)
> > > > > > > > > > > ACID-0.9.5 - RELEASE (STABLE)
> > > > > > > > > > > ADODB v1.0.1 - RELEASE (STABLE)
> > > > > > > > > > > PHP - 4.0.5 - RELEASE (STABLE)
> > > > > > > > > > > APACHE - 1.3.19 - RELEASE (STABLE)
> > > > > > > > > > > SNORT - 1.7 - RELEASE (STABLE)
> > > > > > > > > > >
> > > > > > > > > > > To compile snort I used the following line:
> > > > > > > > > > > ../configure --with-mysql=/usr/local/mysql;make;make install
> > > > > > > > > > >
> > > > > > > > > > > I did change acid_conf.php; I put the path to adodb.
> > > > > > > > > > >
> > > > > > > > > > > In adodb
> > > > > > > > > > >
> > > > > > > > > > > I put the local path in adodb.inc.php
> > > > > > > > > > >
> > > > > > > > > > > When I go to http://localhost/acid it redirects me to acid_main.php and when
> > > > > > > > > > > it gets there I get this:
> > > > > > > > > > >
> > > > > > > > > > > The underlying database alexus at ...274... apears to be invalid.
> > > > > > > > > > >
> > > > > > > > > > > The database version is valid, but the ACID DB structure (table: acid_ag) is
> > > > > > > > > > > not present. Use the Setup page to configure and optimize the DB
> > > > > > > > > > >
> > > > > > > > > > > When I click on "Setup page"
> > > > > > > > > > >
> > > > > > > > > > > in the status window I get "DONE" for "Search Indexes" and I have "Create ACID
> > > > > > > > > > > AG" for "ACID tables". I'm assuming I need to click on "Create ACID AG"; when
> > > > > > > > > > > I do that nothing happens, it won't disappear or change status to
> > > > > > > > > > > "DONE".. what am I missing?
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > _______________________________________________
> > > > > > > > > > > Snort-users mailing list
> > > > > > > > > > > Snort-users at lists.sourceforge.net
> > > > > > > > > > > Go to this URL to change user options or unsubscribe:
> > > > > > > > > > > http://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > > > > > > > Snort-users list archive:
> > > > > > > > > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > ---------------------------------------------
> > > > > > > > > > This message was sent using Voicenet WebMail.
> > > > > > > > > >       http://www.voicenet.com/webmail/
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> ---------------------------------------------
> This message was sent using Voicenet WebMail.
>       http://www.voicenet.com/webmail/
>
>
>
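The root cause worked out in this thread was where `output database:` lives in snort.conf: first it sat only inside a custom `ruletype redalert` block (so rules written with the built-in `alert`/`log` types never reached MySQL, and ACID showed nothing), then the block was renamed to `alert` and Snort refused the file with "Duplicate keyword: alert". Below is an added example lint that flags both situations; it is not code from this thread or from the Snort or ACID projects. It assumes the Snort 1.x syntax `ruletype NAME { ... }` / `output database: ...` and that the built-in rule types are alert, log, pass, activate and dynamic; the sample configs are constructed.

```python
"""Lint a Snort 1.x snort.conf for the database-logging mistakes seen in the thread.

Added example, not code from the thread or from the Snort/ACID projects.
Assumptions: Snort 1.x syntax (`ruletype NAME { ... }`, `output database: ...`)
and that the built-in rule types are alert, log, pass, activate and dynamic.
"""
import re

# Built-in Snort 1.x rule types (assumption); a `ruletype` block that reuses
# one of these names is rejected by Snort with "Duplicate keyword".
BUILTIN_RULETYPES = {"alert", "log", "pass", "activate", "dynamic"}

RULETYPE_RE = re.compile(r"^ruletype\s+(\S+)")
OUTPUT_DB_RE = re.compile(r"^(#\s*)?output\s+database:")


def lint_snort_conf(text):
    """Return a list of (line_no, message); line_no 0 means a file-level finding."""
    findings = []
    current_block = None   # name of the ruletype block we are inside, if any
    top_level_db = 0       # active 'output database:' lines outside any block
    block_db = {}          # ruletype name -> active 'output database:' lines inside it
    commented_db = 0       # 'output database:' lines still commented out
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = RULETYPE_RE.match(line)
        if m:
            # handle both "ruletype foo" and "ruletype foo{"
            current_block = m.group(1).rstrip("{").strip()
            block_db.setdefault(current_block, 0)
            if current_block in BUILTIN_RULETYPES:
                findings.append((n, f"ruletype '{current_block}' redefines a built-in "
                                    "rule type; Snort reports 'Duplicate keyword'"))
            continue
        if line.startswith("}") and current_block is not None:
            current_block = None
            continue
        m = OUTPUT_DB_RE.match(line)
        if not m:
            continue
        if m.group(1) is not None:
            commented_db += 1
        elif current_block is None:
            top_level_db += 1
        else:
            block_db[current_block] += 1
    if top_level_db == 0:
        custom = sorted(name for name, count in block_db.items() if count)
        if custom:
            findings.append((0, "output database is only defined inside ruletype "
                                f"{custom}; rules written with the built-in types "
                                "never reach the database"))
        elif commented_db:
            findings.append((0, "every 'output database:' line is commented out; "
                                "nothing is logged to the database"))
        else:
            findings.append((0, "no 'output database:' line at all; ACID will have "
                                "nothing to display"))
    return findings


# Constructed sample mirroring the snort.conf fragment posted in the thread:
# the database output only exists inside a custom ruletype.
SAMPLE_AS_POSTED = """\
ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=xxx dbname=xxx host=localhost password=xxx
}
# output database: log, mysql, user=root password=test dbname=snort17 host=localhost
alert tcp any any -> any 80 (msg:"constructed sample rule";)
"""

# Constructed sample of the second mistake: renaming the block to 'alert'.
SAMPLE_SHADOWING = SAMPLE_AS_POSTED.replace("ruletype redalert", "ruletype alert")

# Constructed sample of the fix Roman describes: a top-level output line.
SAMPLE_FIXED = """\
output database: log, mysql, user=snort dbname=snort host=localhost password=xxx
alert tcp any any -> any 80 (msg:"constructed sample rule";)
"""

if __name__ == "__main__":
    for name, conf in [("as posted", SAMPLE_AS_POSTED),
                       ("shadowing", SAMPLE_SHADOWING),
                       ("fixed", SAMPLE_FIXED)]:
        print(name, lint_snort_conf(conf) or "OK")
```

The lint deliberately treats a database output inside a custom ruletype as a finding rather than an error: it is valid Snort syntax, but only rules that name that ruletype will ever be written to the database, which is exactly why the ACID console stayed empty in the first message.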




