[Snort-users] Acid/MySQL and remote sensors
lists at ...3351...
Mon Sep 17 14:42:02 EDT 2001
I have been successfully running Snort 1.8 on Win2k with ACID,MySql,PHP.
I essentially followed the very good paper by Michael Steele on Silicon
Questions- I have been unsuccessful in getting another sensor to log to
the MySQL database on the main Snort box (the main box works beautiful).
I have tried changing the:
"output database: log, mysql, user=snort dbname=snort host=localhost"
line in the new sensor's snort.conf to have the host=IP Address of main
box. No go.
Failure is not authorized to access database, although I don't believe
the default setting per Michael's doc requires any remote auth.
I notice in the MySQL .ini file that the default port (3306) is
commented out. Also username and password fields are commented out. Do
I need to modify these?
Another issue: Anybody know how to force promisc. mode on a Linksys
10/100 card with Win2k? Internet search reveals nothing, card might not
even support it. Anybody now cards that do?
More information about the Snort-users