[Snort-users] Configure MySQL for multiple snort sensors

Joe Pampel joe at ...3851...
Wed Oct 17 10:18:15 EDT 2001


Hi - 

I've been trying to get multiple snort sensors to log to a mysql database, with no luck so far.
I edited the mysql ini file to show the database binding to the machine's IP (not localhost)
and using port 3306.  In snort.conf I use the same settings (database at that IP..)
and I created a user on the DB which takes the form of "sensorname at ...3854.....". What I get
when I try to fire up the sensor is an error message which says 
"database: my_sql error: Access denied for user: 'sensorname@<ip address>' (Using password: YES)
Fatal Error. Quitting.

Now I have set passwords, I did create the user in MySQL.. (maybe I did it wrong?) I went through the Snort 
FAQ and found nothing on multiple sensor setups. (ideally I'd like to run 4 or more of them).

For now the system (snort/mysql/acid) is running under Win32 until I can get my 'nix up to speed. 
(I'm having trouble with the libpcap install ok?)  It runs great as one local sensor reporting to localhost,
but now I want *more*..  Anyhow I would imagine the config issue is common to both 
platforms. Any pointers, links to docs, cruel mocking laughter, etc all appreciated. If I find any 
I'll post them to the list.  I'm currently looking at http://www.mysql.com/doc/A/c/Access_denied.html 
and am hoping it will do the trick but am really hoping to find something snort specific.. 

TIA,

Joe

btw Snort with the ACID frontend has been a real lifesaver around here for me. One thing I didn't expect
from it was that it catches odd situations on my network and helps me proactively fix problems while they
are small.. a nice extra.. 





More information about the Snort-users mailing list