[Snort-users] Snort - MySql - ACID and multiple sensors

Michael Steele michaels at ...155...
Wed Sep 19 07:01:02 EDT 2001


Bill,

All you need to do is, specify the appropriate hostname in his 'output
database' line, and then grant select and insert privilage to
snort at ...3513..., where snort is the name of your database user and
remotehost is the name of the machine which is remote to the mysql box.

-Mike
 
        Commercial Snort Support
              1.866.41.SNORT
Silicon Defense - www.silicondefense.com
Michael Steele - Snort Support Technician

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
bhayes at ...3464...
Sent: Monday, September 17, 2001 1:34 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort - MySql - ACID and multiple sensors

I am having some trouble getting snort to log to a mysql server.  One
remote snort host did properly connect to the mysql host once. ACID did
correctly identify the sensor ID and its interface once. However, the
database did not pick up any alerts, even after using a nework-based
vulnerability scanner.

The sensor has subsequently refused to connect to the mysql host.  Snort
complains that it is unable to connect to the Mysql server and then
times
out.

Setting up the sensor and the mysql server as standalone snort hosts
works
well.  Snort logs everyhing from the proper interface.

Any ideas of where to look for this problem?

I am not yet subscribed to the list, so please respond directly.

Many thanks!

Bill...


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users







More information about the Snort-users mailing list