[Snort-users] Snort WIN32 (Logging to UNIX MySQL DB) error

Michael Steele michaels at ...155...
Fri Jan 18 11:47:05 EST 2002


William,

I'm assuming you have multiple sensors and want to log to one database.
You also have 1 Windows box that you want to log to a MySQL database on
a UNIX box?

First, you need to install Snort for MySQL on the Windows machine and
set it up. In the conf file you need to direct Snort to use the database
on the UNIX box. If you have a static IP on your UNIX box, you can use
that. If you have DHCP then you will need to set up DNS on the UNIX box
to use names. Then you will need to give the proper permissions for the
user on the Windows box to MySQL on the UNIX box. I believe that is all
you need.

I may have left something out and if I did, maybe someone else can jump
in.

-Mike

Commercial Snort Support <<->> 1.866.41.SNORT
  Silicon Defense - www.silicondefense.com
    Home of the new SENTRUS Snort sensor!
  Michael Steele - Snort Support Technician


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of William D.
Pool
Sent: Friday, January 18, 2002 9:28 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort WIN32 (Logging to UNIX MySQL DB) error

When I do test configuration, this is what I get.   I've been to Silicon
Defense, but the docs all cover installing a full blown IDS system.

I'm interested in two things:

How to Install Snort with MySQL support
Have Snort log to the UNIX DB.

Are there any docs or instructions for doing this simple task?

I got the UNIX part figured out, I'm not familiar with the Microsoft
stuff.
Any advice / steps / procedures would be appreciated.


William D. Pool
www.icephyre.net
_____________________________________________
GPG Public ID: EE3D7A83			     |
PGP6 Public ID: 065DEF8B
----------------------------------------------
"Reality, is only fiction put into production"

---------- Forwarded message ----------
Date: Fri, 18 Jan 2002 10:06:05 -0600 (CST)
From: William D. Pool <locutus at ...4594...>
To: Michael Steele <michaels at ...155...>
Subject: RE: [Snort-users] Snort 183 Windows Binary (Flex+MySQL Support)

Okay, I'm getting another error it is:

WARNING: command line overrides rules file alert plugin
ERROR: Unable to open rules file: classification.config or
./classification.config

Fatal Error, Quitting..


The file is there and is read/writeable.  Other ideas?

This might sound dumb, but isn't there a way to just have the directory
have everything I need for 2K and just run snort.exe ?

Thanks,


William D. Pool
www.icephyre.net
_____________________________________________
GPG Public ID: EE3D7A83			     |
PGP6 Public ID: 065DEF8B
----------------------------------------------
"Reality, is only fiction put into production"

On Wed, 16 Jan 2002, Michael Steele wrote:

> William,
>
> Remove the entire install of Snort and manually install each package. Be
> absolutely sure that you have removed all of WinPcap prior to installing
> the latest release, not the BETA! Check our site out for the complete
> installation instructions for Windows.
>
> -Mike
>
> Commercial Snort Support <<->> 1.866.41.SNORT
>   Silicon Defense - www.silicondefense.com
>     Home of the new SENTRUS Snort sensor!
>   Michael Steele - Snort Support Technician
>
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of William D. Pool
> Sent: Wednesday, January 16, 2002 9:39 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort 183 Windows Binary (Flex+MySQL Support)
>
>
> I've downloaded the Windows binary for Snort 1.8.3 that includes Flexrp
> and MySQL support.
>
> I configure everything the way it's supposed to (or believe for this
> program), but get the following error.
>
> If anyone knows how to get past this I'd greatly appreciate the knowledge.
> Thanks.
>
> |> IDScenter test console <|
> --Press ENTER after checking Snorts output --
> Log directory = log
>
> Initializing Network Interface \
> ERROR: OpenPcap<> FSM compilation failed:
> 	Syntax error
> PCAPM command: Files\Sourcefire\Snort\snort.conf -l C:\Program
> Files\Sourcefire\Snort -A full -h any
> Fatal Error, Quitting..
>
>
> William D. Pool
> www.icephyre.net
> _____________________________________________
> GPG Public ID: EE3D7A83			     |
> PGP6 Public ID: 065DEF8B
> ----------------------------------------------
> "Reality, is only fiction put into production"
>
>
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
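
The setup described in the first reply of this thread (point the Windows sensor's snort.conf at the MySQL server on the UNIX box, then give that sensor's user permission in MySQL), as an added example that is not part of the original messages. The addresses, database name, account name and password are placeholders, and the privilege set shown is an assumption about what a logging-only sensor needs.

```sql
-- Added example; every address, name and password below is a placeholder.
--
-- On the Windows sensor, snort.conf sends events to the UNIX box through
-- the database output plugin (static IP shown; use a DNS name instead if
-- the server's address is not fixed):
--
--   output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=192.0.2.10
--
-- On the UNIX MySQL server, run the statements below as an administrator.

-- Too broad: any client host, every privilege, every database.
-- Shown commented out for comparison only.
-- GRANT ALL PRIVILEGES ON *.* TO 'snort'@'%' IDENTIFIED BY 'CHANGE_ME';

-- Scoped: only the sensor's address (192.0.2.20), only the snort database,
-- and only the privileges assumed sufficient for inserting events.
-- If sensors get their addresses from DHCP, a host pattern for the sensor
-- subnet (for example '192.0.2.%') is still narrower than '%'.
GRANT INSERT, SELECT ON snort.* TO 'snort'@'192.0.2.20' IDENTIFIED BY 'CHANGE_ME';

-- GRANT ... IDENTIFIED BY is the syntax of MySQL releases of this era;
-- MySQL 8.0 and later require CREATE USER first, then GRANT without it.

-- Confirm what the sensor account is actually allowed to do.
SHOW GRANTS FOR 'snort'@'192.0.2.20';
```

With several sensors logging to one database, a separate account per sensor host keeps each grant revocable on its own.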


