[Snort-users] ACID and MSSQL

SkatFiend at ...661... SkatFiend at ...661...
Fri Oct 26 14:59:01 EDT 2001

Ok, I'm really getting busted on this, it's probably something simple that I'm 
overlooking, but I cannot get a connection from snort to mssql.

1) I am using sql authentication
2) using TCP/IP as connection protocol, although I have tried others to see 
if they would work
3) Have tried different logins and pw's, checked permissions.
4) verified logins do work, connections show mssql Ent. Mgr.
5) run mssql create script file from SQL Query Analyzer, tables were parsed 
and built in the "snort" database
6) currently using the following line for the plugin : 
output database: log, mssql, dbname=snort user=snort password=test
I have tried different syntax combinations for this line to test without 
7) when I execute the "Test Configuration" button option from IDScenter the 
load sequence runs up to the point the "output" plugin should run and stops

Any suggestions would be appreciated.



You have to use SQL auth.  The server can be set in Mixed mode but I doubt
it will work in Windows only mode.

I think snort is using a straight TCP/IP connection.  Make sure you have the
MSSQL DB client installed on the snort m/c and you do not have to specify a
port in snort.conf.

Are you getting any errors?  Once you get a successful connect you should
see it in Enterprise Admin Current Activity.

-----Original Message-----
From: SkatFiend at ...661... [mailto:SkatFiend at ...661...]
Sent: Wednesday, October 24, 2001 07:43
To: drew600_1999 at ...131...; michaels at ...155...;
snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ACID and MSSQL

Hi Drew,

Thanks for the info.

I have followed the steps outlined below and cannot obtain a "snort" SQL
connection to the "snort" SQL database.

A few questions:

1) should I use "Windows Authentication" or "SQL Authentication" to log in to
the MSSQL server???

2) what type of connection is the snort plugin supporting aka: named pipes,
TCP/IP, Multiprotocol, etc.???

3) any other specific setup parameters???

Thanks, Cliff


Well they don't have a sheet yet.  Mike asked me to type one up but I have
yet to get time.  Here are the basic steps:

1.) Have SQL installed and running either local or on another box.
2.) Create a DB called snort on the SQL server
3.) Use the sql script mssql.conf that comes with the Win32 distribution.
This is a text file with TSQL statements for creating the tables.  You can
run this in many different ways, but I used SQL Query analyzer tool
4.) Create a User for the snort DB and make sure it has enough rights to
add/update the DB.  I just made my snortuser DBO for the snort DB.
5.) The machine that is running Snort will need the MS SQL client installed.
Install this by running SQL Server setup on the workstation and selecting
the client tools install.
6.) Configure the DB plug-in line in snort.conf to point to the right DB
server and give it the appropriate credentials.

That's the best I can come up with from memory right now.  Give it a try and
see how it goes.

-----Original Message-----
From: SkatFiend at ...661... [mailto:SkatFiend at ...661...]
Sent: Friday, October 19, 2001 09:51
To: michaels at ...155...; drew600_1999 at ...131...;
snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ACID and MSSQL

Hi Mike,

I am also trying to set up snort with mssql. I looked on the "silicondefense"
web site but only saw documentation relevant to mysql setup. Can you tell me
exactly where I might be able to locate mssql setup documentation?

Thanks, Cliff Arms
