[Snort-users] snort/ACID/MySQL

Scott Nursten scottn at ...4526...
Wed Mar 27 01:28:13 EST 2002


Hey John, 

Definitely not common. I have done multiple configs with snort logging to
remote MySQL DB's and have definitely gotten it working with very standard
grant entries...! If you'd like me to send you a copy of the configs, and
the steps I followed, let me know.

Regards,

Scott 


On 27/3/02 6:56 am, "John Sage" <jsage at ...2022...> wrote:

> Hello world..
> 
> Is it common to have to run MySQL skip-grant-tables to get away from
> myriad ERROR 1045 "Access denied for: 'user blah.host.host' (Using
> password = YES)" errors, trying to connect to a snort DB off on
> another box?
> 
> I was trying to get my firewall box to do this:
> 
> <snort.conf fragment>
> #
> output database: alert, mysql, user=blah dbname=snort host=sparky encoding=hex
> detail=full
> #
> </snort.conf fragment>
> 
> to go and send the alerts off to another box for analysis.
> 
> This is after _hours_ tweaking mysql's user and host tables with
> passwords and users and FQDN's and IP addresses, and "mysqladmin
> flush-privileges" and "flush-hosts" over and over again.
> 
> So I threw up my hands and added skip-grant-tables to /etc/my.cnf and
> restarted mysqld and off we went, first try.
> 
> Now that it works, I guess I don't care, but I was just wondering...
> 
> 
> - John

-- 






More information about the Snort-users mailing list