[Snort-users] Snort 2.0 as a Windows Service??

Michael Steele michaels at ...155...
Wed Apr 23 13:03:21 EDT 2003


Brad,

I have the Snort service configured but Snort is not started because
MySQL needs to be configured so Snort won't barf on the output database
line. Snort and MySQL MUST be fully configured before the reboot as
stated in the docs.

If you have Snort running with the native Snort service, then there is
no problem in dumping a new version of snort into that same folder. Make
sure to stop Snort before you do this then restart snort. Another thing,
make a backup of the snort folder before doing this as you will need to
either update the snort.conf or copy the old one back along with any
modified rules.

-Michael
-- 
 Michael Steele | System Engineer / Support Technician     
 mailto:michaels at ...155...    
 Silicon Defense - The Cyber-War Defense Company
 Website: http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org
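
The startup failure quoted further down in this thread (a second `output database` line with no password, hence `Using password: NO`) can be caught before the service is restarted. The following is an added example, not part of the original thread or of Snort itself; the sample configuration and its placeholder password are constructed, and treating `user`, `password` and `dbname` as required is this check's assumption.

```python
import re

# Constructed snort.conf fragment modelled on the thread: two database output
# lines (alert and log), the second one missing password=. The password value
# is a placeholder, not taken from the thread.
SAMPLE_CONF = """\
# output plugins
output database: alert, mysql, user=snort password=PLACEHOLDER dbname=snort host=127.0.0.1 port=3306 sensor_name=Websrv15e
output database: log, mysql, user=snort dbname=snort host=127.0.0.1 port=3306 sensor_name=Websrv15e
# output database: log, odbc, user=snort dbname=snort
"""

OUTPUT_DB = re.compile(r"^\s*output\s+database\s*:\s*(.*)$", re.IGNORECASE)
REQUIRED = ("user", "password", "dbname")  # assumption of this check


def parse_db_outputs(conf_text):
    """Return one dict per active (uncommented) 'output database:' line."""
    entries = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        if raw.lstrip().startswith("#"):      # whole-line comment
            continue
        m = OUTPUT_DB.match(raw)
        if not m:
            continue
        # Layout: <facility>, <dbtype>, key=value key=value ...
        parts = [p.strip() for p in m.group(1).split(",", 2)]
        if len(parts) < 3:
            entries.append({"line": lineno, "facility": None, "params": {}})
            continue
        facility, dbtype, rest = parts
        params = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        entries.append({"line": lineno, "facility": facility.lower(),
                        "dbtype": dbtype.lower(), "params": params})
    return entries


def check_db_outputs(conf_text):
    """Return (line number, message) findings for lines to review."""
    findings = []
    for e in parse_db_outputs(conf_text):
        if e["facility"] is None:
            findings.append((e["line"], "malformed output database line"))
            continue
        for key in REQUIRED:
            if not e["params"].get(key):
                findings.append((e["line"], f"{e['facility']} output has no {key}="))
    return findings


if __name__ == "__main__":
    for line, msg in check_db_outputs(SAMPLE_CONF):
        print(f"snort.conf line {line}: {msg}")
```
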


-----Original Message-----
From: kerberos K [mailto:kerberos_k at ...125...] 
Sent: Wednesday, April 23, 2003 11:18 AM
To: michaels at ...155...; erek at ...950...
Cc: RussU at ...6702...
Subject: RE: [Snort-users] Snort 2.0 as a Windows Service??


Guys,

This is fascinating, and I'm learning an enormous amount. Thank You... I do
however have an additional question?

In following Michael's document, it appears as though I should be able to
start Snort as a service, prior to even configuring the MySql database and
users...

If this is in fact true, why would the database issue cause me to have 
issues starting the service?

Also, I had this working flawlessly with V 1.9.1, MySql, & ACID according to
a previous version of Michael's documents. I had the users and database
permissions set up properly, why would upgrading to 2.0 in the same
directory as 1.9.1 cause my service to fail or not start??

Obviously I overlooked something, I'm just not sure what it is..

Thank you all for your help...

--Brad





>From: "Michael Steele" <michaels at ...155...>
>To: "'Erek Adams'" <erek at ...950...>,"'kerberos K'" <kerberos_k at ...125...>
>CC: <RussU at ...6702...>, <snort-users at lists.sourceforge.net>
>Subject: RE: [Snort-users] Snort 2.0 as a Windows Service??
>Date: Wed, 23 Apr 2003 08:56:44 -0700
>
>Erek,
>
>How can you tell he has two output database plugins?
>
>In my documentation it specifies two output database lines. One is alert
>and the other is log.
>
>If he is using my docs, leave in both lines, but make sure the syntax is
>correct. I'm assuming he has failed to properly setup the users in the
>database.
>
>He can also execute his run line with a -T at the end but most likely
>won't get much more information. He can also check the Application log
>and see what it's reporting.
>
>-Michael
>
>-----Original Message-----
>From: snort-users-admin at lists.sourceforge.net
>[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Erek Adams
>Sent: Wednesday, April 23, 2003 6:24 AM
>To: kerberos K
>Cc: RussU at ...6702...; snort-users at lists.sourceforge.net
>Subject: RE: [Snort-users] Snort 2.0 as a Windows Service??
>
>On Tue, 22 Apr 2003, kerberos K wrote:
>
>[...snip...]
>
> > database: compiled support for ( mysql odbc )
> > database: configured to use mysql
> > database:          user = snort
> > database: password is set
> > database: database name = snort
> > database:          host = 127.0.0.1
> > database:          port = 3306
> > database:   sensor name = Websrv15e
> > database:     sensor id = 2
> > database: schema version = 106
> > database: using the "alert" facility
> > database: compiled support for ( mysql odbc )
> > database: configured to use mysql
> > database:          user = snort
> > database: database name = snort
> > database:          host = 127.0.0.1
> > database:          port = 3306
> > database:   sensor name = Websrv15e
> > ERROR: database: mysql_error: Access denied for user: 'snort at ...263...'
> > (Using password: NO)
> > Fatal Error, Quitting..
> >
> > From reading some of the archives, I suspect this is a Mysql error. Being
> > a novice though, I'm curious as to how simply upgrading Snort would affect
> > my Database tables and permissions?? Also, reading Michael Steele's
> > documentation on this (as well as how I configured it with 1.9.1), the
> > service should be running prior to even configuring MySql...
>
>You've got 2 db output plugin lines in your snort.conf.  Remove the second
>one and all should be well.  Use the one that has a password listed, since
>that's what the second seems to be failing on.
>
>Cheers!
>
>-----
>Erek Adams
>
>    "When things get weird, the weird turn pro."   H.S. Thompson
>