[Snort-users] Snort - MySql - ACID and multiple sensors

Michael Steele michaels at ...155...
Wed Sep 19 07:01:02 EDT 2001


All you need to do is, specify the appropriate hostname in his 'output
database' line, and then grant select and insert privilage to
snort at ...3513..., where snort is the name of your database user and
remotehost is the name of the machine which is remote to the mysql box.

        Commercial Snort Support
Silicon Defense - www.silicondefense.com
Michael Steele - Snort Support Technician

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
bhayes at ...3464...
Sent: Monday, September 17, 2001 1:34 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort - MySql - ACID and multiple sensors

I am having some trouble getting snort to log to a mysql server.  One
remote snort host did properly connect to the mysql host once. ACID did
correctly identify the sensor ID and its interface once. However, the
database did not pick up any alerts, even after using a nework-based
vulnerability scanner.

The sensor has subsequently refused to connect to the mysql host.  Snort
complains that it is unable to connect to the Mysql server and then

Setting up the sensor and the mysql server as standalone snort hosts
well.  Snort logs everyhing from the proper interface.

Any ideas of where to look for this problem?

I am not yet subscribed to the list, so please respond directly.

Many thanks!


Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list