[Snort-users] Snort loggin into MySQL

Warrick FitzGerald wfitzgerald at ...4613...
Sat Jan 19 14:58:01 EST 2002


Hi All,

Im no MySQL fundie, but I created a user "sniff" in MySQL, and do not seem
to be able to get snort to start up with these cridentials. I get the
following error ....

----------------------------------------------------------------------------
--
database: compiled support for ( mysql postgresql )
database: configured to use mysql
database:          user = sniff
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = 10.10.52.23
database: mysql_error: Access denied for user: 'sniff at ...274...' (Using
password: YES)
Fatal Error, Quitting..
----------------------------------------------------------------------------
--

Any ideas ?

Thanks
Warrick

----- Original Message -----
From: "Ronneil Camara" <ronneilc at ...4042...>
To: <snort-users at lists.sourceforge.net>
Sent: Saturday, January 19, 2002 2:51 PM
Subject: [Snort-users] about pass rule


Is it just replacing the word "alert" with "pass" so that it ignores the
attack?

Example.

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS cmd.exe
access"; flags: A+; content:"cmd.exe"; nocase; classtype:web-application
-attack; sid:1002; rev:2;)

  will become

pass tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS cmd.exe
access"; flags: A+; content:"cmd.exe"; nocase; classtype:web-application
-attack; sid:1002; rev:2;)

-o is also needed. :-)

Thanks.

Neil

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users






More information about the Snort-users mailing list