[Snort-users] Acid/MySQL and remote sensors

Lists lists at ...3351...
Mon Sep 17 14:42:02 EDT 2001


All,

I have been successfully running Snort 1.8 on Win2k with ACID,MySql,PHP.
I essentially followed the very good paper by Michael Steele on Silicon
Defense's site.

Questions-  I have been unsuccessful in getting another sensor to log to
the MySQL database on the main Snort box (the main box works beautiful).
I have tried changing the: 

"output database: log, mysql, user=snort dbname=snort host=localhost"
line in the new sensor's snort.conf to have the host=IP Address of main
box.  No go.

Failure is not authorized to access database, although I don't believe
the default setting per Michael's doc requires any remote auth.

I notice in the MySQL .ini file that the default port (3306) is
commented out. Also username and password fields are commented out.  Do
I need to modify these?

Another issue: Anybody know how to force promisc. mode on a Linksys
10/100 card with Win2k?  Internet search reveals nothing, card might not
even support it.  Anybody now cards that do?



Ben Keepper

 






More information about the Snort-users mailing list