[Snort-users] Configure MySQL for multiple snort sensors
joe at ...3851...
Wed Oct 17 10:18:15 EDT 2001
I've been trying to get multiple snort sensors to log to a mysql database, with no luck so far.
I edited the mysql ini file to show the database binding to the machine's IP (not localhost)
and using port 3306. In snort.conf I use the same settings (database at that IP..)
and I created a user on the DB which takes the form of "sensorname at ...3854.....". What I get
when I try to fire up the sensor is an error message which says
"database: my_sql error: Access denied for user: 'sensorname@<ip address>' (Using password: YES)
Fatal Error. Quitting.
Now I have set passwords, I did create the user in MySQL.. (maybe I did it wrong?) I went through the Snort
FAQ and found nothing on multiple sensor setups. (ideally I'd like to run 4 or more of them).
For now the system (snort/mysql/acid) is running under Win32 until I can get my 'nix up to speed.
(I'm having trouble with the libpcap install ok?) It runs great as one local sensor reporting to localhost,
but now I want *more*.. Anyhow I would imagine the config issue is common to both
platforms. Any pointers, links to docs, cruel mocking laughter, etc all appreciated. If I find any
I'll post them to the list. I'm currently looking at http://www.mysql.com/doc/A/c/Access_denied.html
and am hoping it will do the trick but am really hoping to find something snort specific..
btw Snort with the ACID frontend has been a real lifesaver around here for me. One thing I didn't expect
from it was that it catches odd situations on my network and helps me proactively fix problems while they
are small.. a nice extra..
More information about the Snort-users