[Snort-users] Access denied error in MySQL

Saad Kadhi bsdguy at ...4401...
Wed Jan 23 11:43:05 EST 2002


If we read carefully the line:
Database: mysql_error: Access denied for user: '@host130.xyz.com' to
database 'snortout'

We see that the username "outthere" is not included. It looks like snort
doesn't take into account the user part of the connection request. To
make sure the pb isn't coming from mysql itself, do sth like from
host130.xyz.com (you need mysql-client installed on that box):
# mysql -u outthere -h host35.xyz.com snortout

1. if this doesn't work, then launch a sniffer to see if the request
reach the DB and then make sure you have "flush priveleges" just in
case. btw, it's INSERT & not INSER in your SQL statement.
2. if it works, then the pb comes from your configuration file of snort

On Wed, 2002-01-23 at 19:29, protect wrote:
> I did it.but even though it is giving me the same error.
> Thanks,
> Protect
> -----Original Message-----
> From: Dan Fiorito [mailto:danf at ...1406...] 
> Sent: Wednesday, January 23, 2002 1:15 PM
> To: 'protect'
> Cc: Snort-Users (snort-users at lists.sourceforge.net)
> Subject: RE: [Snort-users] Access denied error in MySQL
> Looks like you just need to add INSER,SELECT,CREATE,DELETE on snortout.*
> to outthere@ <mailto:outthere at ...4654...> host130.xyz.com 
>  I have snort 1.8.3 + MySQL + ACID running in my ServerFarm. I want to
> install another snort on external side i.e. outside firewall using same
> MySQL server and ACID server in ServerFarm as Centralized server. I have
> successfully installed another database named snortout on MySQL for it
> and created another user named outthere and given
> INSER,SELECT,CREATE,DELETE on snortout.* to outthere at ...274... rights on
> MySQL server.
> When I am trying to run snort from outside firewall machine by executing
> snort -c c:\snort\snort.conf -l c:\snort\logs -i1 it is giving me
> following error:
> Database: mysql_error: Access denied for user: '@host130.xyz.com' to
> database 'snortout'
> Fatal Error, Quitting...
> I have configured snort.conf on machine outside firewall for output log
> as follows:
> Output database: log, mysql, user=outthere dbname=snortout
> host=host35.xyz.com sensor_name=DMZ
> Host35.xyz.com is FQDN of MySQL centralized database server.
> Host130.xyz.com is FQDN of machine out side of Firewall running snort.
> Can someone help me out in solving this problem?
> Thanks in advance.
> Protect
/Saad --  [bsdguy at ...4401...] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well

More information about the Snort-users mailing list