FW: [Snort-users] ACID and MSSQL

Stephen Shepherd drew600_1999 at ...131...
Wed Oct 24 08:58:07 EDT 2001

You have to use SQL auth.  The server can be set in Mixed mode but I doubt
it will work in Windows only mode.

I think snort is using a straight TCP/IP connection.  Make sure you have the
MSSQL DB client installed on the snort m/c and you do not have to specify a
port in snort.conf.

Are you getting any errors?  Once you get a successful connect you should
see it in Enterprise Admin Current Activity.

-----Original Message-----
From: SkatFiend at ...661... [mailto:SkatFiend at ...661...]
Sent: Wednesday, October 24, 2001 07:43
To: drew600_1999 at ...131...; michaels at ...155...;
snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ACID and MSSQL

Hi Drew,

Thanks for the info.

I have followed the steps outlined below and cannot obtain a "snort" SQL
connection to the "snort" SQL database.

A few questions:

1) Should I use "Windows Authentication" or "SQL Authentication" for login
to the MSSQL server?

2) What type of connection is the snort plugin supporting, aka: named pipes,
TCP/IP, Multiprotocol, etc.?

3) Any other specific setup parameters?

Thanks, Cliff


Well they don't have a sheet yet.  Mike asked me to type one up but I have
yet to get time.  Here are the basic steps:

1.) Have SQL installed and running either local or on another box.
2.) Create a DB called snort on the SQL server
3.) Use the sql script mssql.conf that comes with the Win32 distribution.
This is a text file with TSQL statements for creating the tables.  You can
run this in many different ways, but I used the SQL Query Analyzer tool.
4.) Create a User for the snort DB and make sure it has enough rights to
add/update the DB.  I just made my snortuser DBO for the snort DB.
5.) The machine that is running Snort will need the MS SQL client installed.
Install this by running SQL Server setup on the workstation and selecting
the client tools install.
6.) Configure the DB plug-in line in snort.conf to point to the right DB
server and give it the appropriate credentials.

That's the best I can come up with from memory right now.  Give it a try and
see how it goes.

-----Original Message-----
From: SkatFiend at ...661... [mailto:SkatFiend at ...661...]
Sent: Friday, October 19, 2001 09:51
To: michaels at ...155...; drew600_1999 at ...131...;
snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ACID and MSSQL

Hi Mike,

I am also trying to set up snort with mssql. I looked on the "silicondefense"
web site but only saw documentation relevant to mysql setup. Can you tell me
exactly where I might be able to locate mssql setup documentation?

Thanks, Cliff Arms
