[Snort-users] ACID and MSSQL

Robbins, Mark MRobbins at ...3937...
Mon Oct 29 04:44:04 EST 2001


If it helps, here's the output line I use:

output database: log, mssql, host=hostname dbname=snort user=snort password=test port=1433 sensor=sensorname

Yours:

output database: log, mssql, dbname=snort user=snort password=test

The port may not be needed, but I couldn't get it to work until I added the
host.

Mark


> -----Original Message-----
> From: SkatFiend at ...661... [mailto:SkatFiend at ...661...]
> Sent: Friday, October 26, 2001 4:58 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] ACID and MSSQL
> 
> 
> Ok, I'm really getting busted on this, it's probably something simple that I'm overlooking, but I cannot get a connection from snort to mssql.
> 
> 1) I am using sql authentication
> 2) using TCP/IP as connection protocol, although I have tried others to see if they would work
> 3) Have tried different logins and pw's, checked permissions.
> 4) verified logins do work, connections show mssql Ent. Mgr.
> 5) run mssql create script file from SQL Query Analyzer, tables were parsed and built in the "snort" database
> 6) currently using the following line for the plugin:
> output database: log, mssql, dbname=snort user=snort password=test
> I have tried different syntax combinations for this line to test without success
> 7) when I execute the "Test Configuration" button option from IDScenter the load sequence runs up to the point the "output" plugin should run and stops
> 
> Any suggestions would be appreciated.
> 
> Cliff
> 
> ---------------------------------
> You have to use SQL auth.  The server can be set in Mixed mode but I doubt it will work in Windows only mode.
> 
> I think snort is using a straight TCP/IP connection.  Make sure you have the MSSQL DB client installed on the snort m/c and you do not have to specify a port in snort.conf.
> 
> Are you getting any errors?  Once you get a successful connect you should see it in Enterprise Admin Current Activity.
> 
> -----Original Message-----
> From: SkatFiend at ...661... [mailto:SkatFiend at ...661...]
> Sent: Wednesday, October 24, 2001 07:43
> To: drew600_1999 at ...131...; michaels at ...155...; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] ACID and MSSQL
> 
> 
> Hi Drew,
> 
> Thanks for the info.
> 
> I have followed the steps outlined below and cannot obtain a "snort" SQL connection to the "snort" SQL database.
> 
> A few questions:
> 
> 1) should I use "Windows Authentication" or "SQL Authentication" for login to the MSSQL server???
> 
> 2) what type of connection is the snort plugin supporting aka: named pipes, TCPIP, Multiprotocol, etc.???
> 
> 3) any other specific setup parameters???
> 
> Thanks, Cliff
> 
> 
> 
> ------------------------------
> Well they don't have a sheet yet.  Mike asked me to type one up but I have yet to get time.  Here are the basic steps:
> 
> 1.) Have SQL installed and running either local or on another box.
> 2.) Create a DB called snort on the SQL server
> 3.) Use the sql script mssql.conf that comes with the Win32 distribution. This is a text file with TSQL statements for creating the tables.  You can run this in many different ways, but I used SQL Query analyzer tool
> 4.) Create a User for the snort DB and make sure it has enough rights to add/update the DB.  I just made my snortuser DBO for the snort DB.
> 5.) The machine that is running Snort will need the MS SQL client installed. Install this by running SQL Server setup on the workstation and selecting the client tools install.
> 6.) Configure the DB plug-in line in snort.conf to point to the right DB server and give it the appropriate credentials.
> 
> That's the best I can come up with from memory right now.  Give it a try and see how it goes.
> 
> -----Original Message-----
> From: SkatFiend at ...661... [mailto:SkatFiend at ...661...]
> Sent: Friday, October 19, 2001 09:51
> To: michaels at ...155...; drew600_1999 at ...131...; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] ACID and MSSQL
> 
> 
> Hi Mike,
> 
> I am also trying to setup snort with mssql. I looked on the "silicondefense" web site but only saw documentation relevant to mysql setup. Can you tell me exactly where I might be able to locate mssql setup documentation?
> 
> Thanks, Cliff Arms
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
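The difference between the two plugin lines quoted in this thread, as an added example (not code from the posters or from the Snort project): a small Python check that parses an `output database:` directive and reports what is missing. The required-key list for mssql is an assumption drawn from this thread (Mark's report that `host=` was needed), and `parse_output_database`, `check` and `redact` are hypothetical helper names.

```python
import re

# Assumption drawn from this thread: the mssql connection needed host= in
# addition to the database name and SQL-auth credentials.
REQUIRED_FOR_MSSQL = ("host", "dbname", "user", "password")

def parse_output_database(line):
    """Parse 'output database: <facility>, <dbtype>, key=value ...'."""
    m = re.match(r"\s*output\s+database\s*:\s*(.*)$", line)
    if not m:
        raise ValueError("not an 'output database' directive")
    parts = [p.strip() for p in m.group(1).split(",", 2)]
    if len(parts) != 3:
        raise ValueError("expected facility, db type and parameter list")
    facility, dbtype, rest = parts
    params = {}
    for token in rest.split():
        key, sep, value = token.partition("=")
        if not sep or not value:
            raise ValueError(f"malformed parameter: {token!r}")
        params[key] = value
    return facility, dbtype, params

def check(line):
    """Return a list of findings for one directive (empty list: nothing flagged)."""
    _facility, dbtype, params = parse_output_database(line)
    findings = []
    if dbtype == "mssql":
        findings += [f"missing {k}=" for k in REQUIRED_FOR_MSSQL if k not in params]
    port = params.get("port")
    if port is not None and not (port.isdigit() and 0 < int(port) < 65536):
        findings.append("port= is not a valid TCP port")
    return findings

def redact(line):
    """Mask the password value before the directive is pasted into a post or log."""
    return re.sub(r"(\bpassword=)\S+", r"\1********", line)

# Sample input: the two directives as quoted in the thread.
FAILING = "output database: log, mssql, dbname=snort user=snort password=test"
WORKING = ("output database: log, mssql, host=hostname dbname=snort user=snort "
           "password=test port=1433 sensor=sensorname")

if __name__ == "__main__":
    for directive in (FAILING, WORKING):
        print(redact(directive), "->", check(directive) or "ok")
```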