[Snort-users] RE: Snort

Michael Steele michaels at ...155...
Fri Jun 21 21:40:04 EDT 2002


Don,

The only thing I don't like about MS-SQL is that you have to buy it,
whereas MySQL is free. This would be the best way to go, or Oracle would
even be better. 

Michael Steele | System Engineer / System Administrator     
mailto:michaels at ...155...
http://www.silicondefense.com


-----Original Message-----
From: Don [mailto:Don at ...5881...] 
Sent: June 21, 2002 10:56 AM
To: Michael Steele; 'Ross Draper'
Subject: RE: [Snort-users] RE: Snort

Ross, I'd like to try to do the same as you are doing, could you
enlighten me on how you went about getting everything to MS-SQL? I'm
taking my snort logging one step at a time right now, getting all the
glitches out between steps until I get a good flow. My goal is to have
everything on MS-SQL; currently I am just remote syslogging, and the
syslog forwards to SQL. I guess my question is, how do you like the
setup you have/had, how did you like the Snort/mySQL/Acid/Apache system
as you had it, and what are you hoping to accomplish by moving to
MS-SQL/IIS? Do you have some ideas of using ASP pages to get reports? I
guess I'll have to set up a Snort/mySQL/Acid/Apache system to see what
that takes, although I have no experience with Apache, then I'll try to
port over to MS-SQL myself. I'm just kind of soliciting feedback on your
experience I guess at this point.
Sorry to ramble on, just interested in what you are doing here.

Don


> >-----Original Message-----
> >From: snort-users-admin at lists.sourceforge.net
> >[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Michael
> >Steele
> >Sent: Friday, June 21, 2002 10:03 AM
> >To: 'Ross Draper'
> >Cc: snort-users at lists.sourceforge.net
> >Subject: [Snort-users] RE: Snort
> >
> >
> >Ross,
> >
> >Be sure to set the correct port option in your output database line
> >for your MSSQL database. I believe the default is 3306 which is where
> >MySQL sits, and there is one in your Acid configuration too.
> >
> >I'm really running short on time and won't be back in until next
> >Wednesday. Would love to hear from you on this because I have never
> >set this configuration up. Our programmer is the one who developed
> >support in Acid for MSSQL, and has set it up, but I haven't had time
> >to sit down with him and do it from scratch and write the docs.
> >
> >-Michael
> >--
> > Michael Steele | System Engineer / Support Technician
> > mailto:michaels at ...155...
> > Silicon Defense: IDS solutions - http://www.silicondefense.com
> > Snort: Open Source Network IDS - http://www.snort.org
> >
> >
> >
> >-----Original Message-----
> >From: Ross Draper [mailto:ross.draper at ...6156...]
> >Sent: Friday, June 21, 2002 8:43 AM
> >To: michaels at ...155...
> >Subject: Snort
> >
> >
> >
> >Hi Michael
> >
> >Sorry to bother you - I appreciate you must be up to your neck in
> >people pestering you for help
> >
> >I recently deployed Snort/mySQL/Acid/Apache on a windows 2k box,
> >using your documentation (worked perfectly - many thanks!).
> >
> >Due to the stresses placed on it I have now tried to move the
> >database and web server functionality to a separate windows2000 box
> >running MSSQL and IIS.  I have created the Table structure in Snort
> >and went through your instructions on running acid with mysql and IIS
> >because I could not find any docs on deploying snort with mssql
> >remote logging (and a little bit of ini file fiddling to get php to
> >talk to mssql).  Things seem to be almost complete except for one
> >small but vitally important problem - the damn thing won't log in!
> >
> >Acid pops up the following message when trying to view reports:
> >
> >Warning: MS SQL message: Login failed for user 'snort'. (severity 14) in c:\snort\adodb\adodb-mssql.inc.php on line 145
> >Warning: MS SQL: Unable to connect to server: localhost in c:\snort\adodb\adodb-mssql.inc.php on line 145
> >Error (p)connecting to DB : snort at ...274...
> >Check the DB connection variables in acid_conf.php
> >               = $alert_dbname   : MySQL database name where the alerts are stored
> >               = $alert_host     : host where the database is stored
> >               = $alert_port     : port where the database is stored
> >               = $alert_user     : username into the database
> >               = $alert_password : password for the username
> >Database ERROR:Login failed for user 'snort'.
> >
> >I've reset the passwords, wondered if snort was trying to login with
> >the user name of "snort at ...274..." so created this login as well
> >as simply "snort". Double checked the ini file and have come to the
> >conclusion that I am simply stupid.
> >
> >Any ideas?
> >
> >Kind Regards
> >
> >Ross
> >
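
The port advice in the thread, turned into a consistency check between Snort's `output database:` line and the `$alert_*` variables in acid_conf.php. This is an added example, not code from Snort, ACID or anyone in the thread; the sample configuration, the host address and the `CHANGE_ME` password are constructed, and the port table holds only the well-known ports 3306 (MySQL) and 1433 (SQL Server).

```python
import re

# Well-known listener ports for the two servers named in the thread.
STANDARD_PORT = {"mysql": "3306", "mssql": "1433"}

def parse_snort_output(conf_text):
    """Return (db_type, params) from the first 'output database:' line."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("output database:"):
            _, db_type, rest = (p.strip() for p in line.split(":", 1)[1].split(",", 2))
            return db_type, dict(kv.split("=", 1) for kv in rest.split())
    raise ValueError("no 'output database:' line found")

def parse_acid_conf(php_text):
    """Return the $alert_* variables that are assigned quoted strings."""
    return dict(re.findall(r'^\s*\$alert_(\w+)\s*=\s*"([^"]*)"\s*;', php_text, re.M))

def check(conf_text, php_text):
    """List port and credential inconsistencies between the two files."""
    db_type, snort = parse_snort_output(conf_text)
    acid = parse_acid_conf(php_text)
    findings = []
    for name, cfg in (("snort.conf", snort), ("acid_conf.php", acid)):
        for other, port in STANDARD_PORT.items():
            if other != db_type and cfg.get("port") == port:
                findings.append(f"{name}: port {port} is the {other} port, db type is {db_type}")
    # Report only that a value differs; never echo the password itself.
    for key in ("dbname", "user", "password"):
        if snort.get(key) != acid.get(key):
            findings.append(f"{key} differs between snort.conf and acid_conf.php")
    return findings

# Constructed sample input, not taken from the thread.
SNORT_CONF = """
output database: log, mssql, user=snort password=CHANGE_ME dbname=snort host=192.0.2.10 port=3306
"""
ACID_CONF = """
$alert_dbname   = "snort";
$alert_host     = "localhost";
$alert_port     = "3306";
$alert_user     = "snort";
$alert_password = "CHANGE_ME";
"""

if __name__ == "__main__":
    for finding in check(SNORT_CONF, ACID_CONF):
        print(finding)
```

The host values are deliberately not compared: the sensor logs to a remote database host while ACID, running on the database box, connects to localhost.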