[Snort-users] problem with mysql and user root

Dave Sobel dave at ...3559...
Wed Oct 3 17:45:02 EDT 2001


Jorge:

Interestingly enough, I have the same problem.   I have SQL support
compiled in, and it starts and seems happy.  However, nothing in the
logs.

The only main difference I have is that my mySQL server is across the
network, not local.  However, I didn't think that would make too much of
a difference.  

Help is definitely appreciated. 

Dave

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Jorge
Reyes
Sent: Wednesday, October 03, 2001 6:27 PM
To: snort-users at lists.sourceforge.net
Subject: FW: [Snort-users] problem with mysql and user root

Ok
Here is the story:
The problem is a permissions problem with the user that starts the
service and the owner of the files (the program itself). They all have
to be owned by the same user, otherwise it will not work.

First I created an user called mysql (service account) and a group
called mysql.

I had to chown and chgrp all the files from mysql to be owned 
Then I changed the file my.cnf to be mysql the user that starts.

Now my snort starts with no errors.

However for some odd reason snort will not write any data to the DB.
I still think is a permission issue with a file some where.

At least now I can start snort with SQL support.

See bellow:

Log directory = 
Reading Conf File...

Initializing Network Interface eth1
Kernel filter, protocol ALL, TURBO mode (63 frames), raw packet socket
using config file /root/.snortrc
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /root/.snortrc

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
Back Orifice detection brute force: DISABLED
Using LOCAL time
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = root
database: password is set
database: database name = snort2
database:          host = localhost
database: data encoding = hex
database: detail level  = full
database:   sensor name = 10.0.8.40
database:     sensor id = 1
database: schema version = 103
database: using the "log" facility
923 Snort rules read...
923 Option Chains linked into 135 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initializing Snort ==--
Checking PID path...
PATH_VARRUN is set to /var/run/ on this operating system

Initializing Network Interface eth1
Kernel filter, protocol ALL, TURBO mode (63 frames), raw packet socket
Decoding Ethernet on interface eth1

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.1-RELEASE (Build 74)
By Martin Roesch (roesch at ...1935..., www.snort.org)


-----Original Message-----
From: Bob Bayley [mailto:BBayley at ...3689...]
Sent: Wednesday, October 03, 2001 12:37 PM
To: Jorge Reyes
Subject: RE: [Snort-users] problem with mysql and user root


I am having the same problem as you were. I've edited my.cnf to change
user
to "me". Should it be mysql or root or ??.

As for the earlier fix. 

-----Original Message-----
From: Jorge Reyes [mailto:jreyes at ...2677...]
Sent: Wednesday, October 03, 2001 8:48 AM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] problem with mysql and user root


Thanks :)
I try that, however did not work.
I figure out what is was, on the file /etc/my.cnf I had the wrong owner
to start mysql.


[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
     
[mysql.server]
user=mysql
basedir=/var/lib

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid




-----Original Message-----
From: Peter Borner [mailto:peter at ...3373...]
Sent: Wednesday, October 03, 2001 8:33 AM
To: Jorge Reyes
Subject: RE: [Snort-users] problem with mysql and user root


Try changing the root at ...274... to root at ...263...  I had the same
problem and it fixed it for me. Using root is not recommended though!

Peter

 -----Original Message-----
From: 	Jorge Reyes [mailto:jreyes at ...2677...] 
Sent:	03 October 2001 15:52
To:	snort-users at lists.sourceforge.net
Subject:	[Snort-users] problem with mysql and user root

I setup snort to have mysql support and SSL, all compiled just fined.
However when start snort I get the following error

database: mysql_error: Access denied for user: 'root at ...274...' (Using
password: YES)

Any ideas ?


-------------------------------------
Jorge Reyes


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list





More information about the Snort-users mailing list