[Snort-users] Re: (Snort-users) Configure MySQL for multiple snort sensors

Joe Pampel joe at ...3851...
Fri Oct 19 12:57:14 EDT 2001


Hi - and thanks for the replies!

I have created new users for the remote sensors as per the replies like this:

mysql> \u mysql
mysql> grant INSERT,SELECT,DELETE,UPDATE on snort.* to snort at ...3852...; 

When I do a "select * from user;" I see the users created, but they have no privileges.. e.g.
the various fields all have 'N's in them.  I can see the original 'localhost' version of
the snort user and it has all "Y's" in the permission fields.. not sure what's going on, I made
all the IDs with the same commands and I'm logged in as the same user.. maybe another
cup of coffee will make things clearer.  What's extra weird is that my remote sensor is running
fine and showed no login issues during startup and its MySQL ID also has all "N"s.. while the
sensor on the local machine cannot log in at all. (It's trying to log in as snort@<host IP>)

RE:  method #2 (msg 15) I cannot get it to take this
syntax.. I think I understand where you're going with the 'Y'Y,'Y','Y','Y' bit but MySQL won't take it.. 
I'm reading my MySQL book and it uses a grant ALL command. Tried that too, to no avail... I can't
see what's stopping me.. maybe the fact that root and the original admin were tied to localhost and now
I don't have permission to create users with rights?? 

PS: anyone know where ADODB (in the ACID config) pulls its database address from? I'm going through
all the files but cannot find a 'localhost' ref, but it keeps crashing ACID trying to find the DB on
localhost.. I think that's the only setting I'm missing.  I plan on making a 'how to' when this is
over! As usual nothing really hard about it, just a lot of details to trip over..

Thanks again,

- Joe



----------------------------------------------------------------------------------------------------------------
>>Message: 8
Date: Thu, 18 Oct 2001 07:46:00 +0200
From: <sandro.poppi at ...3316...>
To: <joe at ...3851...>, <snort-users at lists.sourceforge.net>
Subject: [Snort-users] AW: (Snort-users) Configure MySQL for multiple snort sensors

I had the same prob a couple of times. I created the user the following way and
it worked:

mysql> grant INSERT,SELECT,DELETE,UPDATE on snort.* to snort at ...3852... 
identified by 'YOUR_PASSWORD';
mysql> flush privileges;

where snort.* means your database tables, snort at ...3852... means User snort
coming from the given ip.

This should be independent of the underlying OS.

Sandro
-------------------------------------------------------------------------------------------------------------


Message: 15
From: Erwin Fok <Erwin at ...3172...>
To: snort-users at lists.sourceforge.net 
Subject: RE: [Snort-users] Configure MySQL for multiple snort sensors
Date: Thu, 18 Oct 2001 16:36:09 +0200

Ok!

What I think you need to do is the following:

shell> mysql --user=root mysql
mysql> INSERT INTO user VALUES('localhost','monty',PASSWORD('some_pass'),
                'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');

mysql> FLUSH PRIVILEGES;

where in localhost you put the IP of the sensor. Also you need to install some
MySQL files on the sensor which are needed for Snort to run.

After that it should work. Or it worked for me!

Please report back if this fixed your problem. So we can see all the solutions
to problems. So other people can also make use of them.

Greetings,

- ---
Erwin Fok   			t  015 - 21 21 907
Fox-IT Forensic IT Experts	f  015 - 21 21 964
Oude Delft 47			e  erwin at ...3172... 
2611 BC  Delft			i  www.fox-it.com 
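
The following is an added example, not part of the original messages: it issues the database-scoped grant from Message 8 and then checks where MySQL records it, since privileges granted on snort.* are stored in the mysql.db table while the flags in mysql.user are global ones. The host address 192.0.2.10 and the password CHANGE_ME are constructed placeholders, and the GRANT ... IDENTIFIED BY form is the one used in the thread (MySQL 8.0 and later need a separate CREATE USER first).

```sql
-- Added example; '192.0.2.10' and 'CHANGE_ME' are constructed placeholders.
USE mysql;

-- Database-scoped grant in the form quoted in the thread: the sensor account
-- gets only the four listed privileges, and only on the snort database.
GRANT INSERT, SELECT, DELETE, UPDATE ON snort.*
    TO 'snort'@'192.0.2.10' IDENTIFIED BY 'CHANGE_ME';

-- Only required after editing the grant tables directly with INSERT/UPDATE;
-- harmless after GRANT, and kept here because the thread uses it.
FLUSH PRIVILEGES;

-- Global privileges live in mysql.user. A grant on snort.* creates the
-- account row here but leaves every *_priv column at 'N'.
SELECT Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv
  FROM user
 WHERE User = 'snort';

-- Database-level privileges live in mysql.db. The row for Db = 'snort'
-- should show 'Y' for exactly the four privileges granted above.
SELECT Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv
  FROM db
 WHERE User = 'snort';

-- Effective privileges for one account, combining all grant levels.
SHOW GRANTS FOR 'snort'@'192.0.2.10';

-- Accounts whose mysql.user row carries global 'Y' flags hold those
-- privileges on every database, not just snort. List them for review.
SELECT Host, User
  FROM user
 WHERE 'Y' IN (Select_priv, Insert_priv, Update_priv, Delete_priv,
               Drop_priv, Grant_priv);
```

The last query is useful when accounts were created by inserting rows into mysql.user with every flag set, because those rows grant server-wide rights rather than rights limited to the sensor database.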







