[Snort-users] Snort loggin into MySQL

Chris Keladis Chris.Keladis at ...2783...
Sat Jan 19 15:24:03 EST 2002


Hi Warrick,

Grant access to your sensor as follows (from a mysql 'root' session):

GRANT SELECT,INSERT on snort.* to sniff at ...274... identified by
'mypassword';

Naturally change mypassword to something only you know.


Ensure you also do (newer mysqls dont need this i think):

mysql> flush privileges;




Regards,

Chris.

Warrick FitzGerald wrote:

> Hi All,
> 
> Im no MySQL fundie, but I created a user "sniff" in MySQL, and do not seem
> to be able to get snort to start up with these cridentials. I get the
> following error ....
> 
> ----------------------------------------------------------------------------
> --
> database: compiled support for ( mysql postgresql )
> database: configured to use mysql
> database:          user = sniff
> database: password is set
> database: database name = snort
> database:          host = localhost
> database:   sensor name = 10.10.52.23
> database: mysql_error: Access denied for user: 'sniff at ...274...' (Using
> password: YES)
> Fatal Error, Quitting..
> ----------------------------------------------------------------------------
> --
> 
> Any ideas ?
> 
> Thanks
> Warrick
> 
> ----- Original Message -----
> From: "Ronneil Camara" <ronneilc at ...4042...>
> To: <snort-users at lists.sourceforge.net>
> Sent: Saturday, January 19, 2002 2:51 PM
> Subject: [Snort-users] about pass rule
> 
> Is it just replacing the word "alert" with "pass" so that it ignores the
> attack?
> 
> Example.
> 
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS cmd.exe
> access"; flags: A+; content:"cmd.exe"; nocase; classtype:web-application
> -attack; sid:1002; rev:2;)
> 
>   will become
> 
> pass tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS cmd.exe
> access"; flags: A+; content:"cmd.exe"; nocase; classtype:web-application
> -attack; sid:1002; rev:2;)
> 
> -o is also needed. :-)
> 
> Thanks.
> 
> Neil
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list