[Snort-users] Acid/MySQL and remote sensors

Lists lists at ...3351...
Mon Sep 17 15:41:01 EDT 2001


No problem

-----Original Message-----
From: bferrell at ...3469... [mailto:bferrell at ...3469...] 
Sent: Monday, September 17, 2001 3:21 PM
To: Lists Smith
Subject: Re: [Snort-users] Acid/MySQL and remote sensors

Unfortunately, not that simple.  You have to make entries in the mysql
host
and user tables for the snort user.  I think your MySQL is running on a
MS
box?  You might want to look at the MySQL site for MySQL GUI.  It'll be
much easier to do.

WOuld you mind echoing this to the list?  It rejects my posts because my
mail hub refuses to verify me.  We do that not for anti-spam reasons,
but
to avoid giving out user info for anti-cracking reasons.



Lists wrote:

> Do I do that by uncommenting the username and password fields in the
> MySQL .ini and ensuring that the values are the same for the
snort.cont
> file on the remote sensor?
>
> Thanks,
>
> Ben
>
> -----Original Message-----
> From: bferrell at ...3469... [mailto:bferrell at ...3469...]
> Sent: Monday, September 17, 2001 3:02 PM
> To: Lists Smith
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Acid/MySQL and remote sensors
>
> You need to enable access for the snort user on the snort sensor at
the
> MySQL database
>
> Lists wrote:
>
> > All,
> >
> > I have been successfully running Snort 1.8 on Win2k with
> ACID,MySql,PHP.
> > I essentially followed the very good paper by Michael Steele on
> Silicon
> > Defense's site.
> >
> > Questions-  I have been unsuccessful in getting another sensor to
log
> to
> > the MySQL database on the main Snort box (the main box works
> beautiful).
> > I have tried changing the:
> >
> > "output database: log, mysql, user=snort dbname=snort
host=localhost"
> > line in the new sensor's snort.conf to have the host=IP Address of
> main
> > box.  No go.
> >
> > Failure is not authorized to access database, although I don't
believe
> > the default setting per Michael's doc requires any remote auth.
> >
> > I notice in the MySQL .ini file that the default port (3306) is
> > commented out. Also username and password fields are commented out.
> Do
> > I need to modify these?
> >
> > Another issue: Anybody know how to force promisc. mode on a Linksys
> > 10/100 card with Win2k?  Internet search reveals nothing, card might
> not
> > even support it.  Anybody now cards that do?
> >
> > Ben Keepper
> >
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list