[Snort-users] Snort loggin into MySQL

Warrick FitzGerald wfitzgerald at ...4613...
Sat Jan 19 15:42:01 EST 2002


Thanks Guys,

That worked great :)


----- Original Message -----
From: "Chris Keladis" <Chris.Keladis at ...2783...>
To: "Warrick FitzGerald" <wfitzgerald at ...4613...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Saturday, January 19, 2002 6:22 PM
Subject: Re: [Snort-users] Snort loggin into MySQL


> Hi Warrick,
>
> Grant access to your sensor as follows (from a mysql 'root' session):
>
> GRANT SELECT,INSERT on snort.* to sniff at ...274... identified by
> 'mypassword';
>
> Naturally change mypassword to something only you know.
>
>
> Ensure you also do (newer mysqls dont need this i think):
>
> mysql> flush privileges;
>
>
>
>
> Regards,
>
> Chris.
>
> Warrick FitzGerald wrote:
>
> > Hi All,
> >
> > Im no MySQL fundie, but I created a user "sniff" in MySQL, and do not
seem
> > to be able to get snort to start up with these cridentials. I get the
> > following error ....
> >
>
> --------------------------------------------------------------------------
--
> > --
> > database: compiled support for ( mysql postgresql )
> > database: configured to use mysql
> > database:          user = sniff
> > database: password is set
> > database: database name = snort
> > database:          host = localhost
> > database:   sensor name = 10.10.52.23
> > database: mysql_error: Access denied for user: 'sniff at ...274...' (Using
> > password: YES)
> > Fatal Error, Quitting..
>
> --------------------------------------------------------------------------
--
> > --
> >
> > Any ideas ?
> >
> > Thanks
> > Warrick
> >
> > ----- Original Message -----
> > From: "Ronneil Camara" <ronneilc at ...4042...>
> > To: <snort-users at lists.sourceforge.net>
> > Sent: Saturday, January 19, 2002 2:51 PM
> > Subject: [Snort-users] about pass rule
> >
> > Is it just replacing the word "alert" with "pass" so that it ignores the
> > attack?
> >
> > Example.
> >
> > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS cmd.exe
> > access"; flags: A+; content:"cmd.exe"; nocase; classtype:web-application
> > -attack; sid:1002; rev:2;)
> >
> >   will become
> >
> > pass tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS cmd.exe
> > access"; flags: A+; content:"cmd.exe"; nocase; classtype:web-application
> > -attack; sid:1002; rev:2;)
> >
> > -o is also needed. :-)
> >
> > Thanks.
> >
> > Neil
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=ort-users
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>





More information about the Snort-users mailing list