[Snort-users] Mysql question

David Markle davidmarkle at ...5068...
Fri Apr 25 14:30:03 EDT 2003


A couple of things could be hassling you.

The first this is to validate that the snort RPM you got was compiled
with --with-mysql=<dir>.  If it was not, thats your problem.  If it was in
there, then:

I do not want to insult your intelligence, but there could be several minor
things wrong here.  I am just guessing though.

1. Assuming by the host=10.1.10.2 its a remote mysql db ???  If not use
host=localhost.
2. Make sure that the DB "SNORT" you created in mysql is correct.  MySQL is
case sensitive !!
3. I also assume that you created a user in mysql called "snort" with a
password of "snort".  If not, you'll need to use the default root acct in
mysql.
4. ACID also needs some mysql configuration modifications for the front end
to work properly.

My Snort output plug for mysql is as follows:
output database: log, mysql, user=root password=<mypasswd> dbname=snort
host=localhost encoding=hex detail=Full

Hope this helps.

-----Original Message-----
From: Jared Raddigan [mailto:jraddigan at ...9023...]On Behalf Of
jared at ...9023...
Sent: Friday, April 25, 2003 4:54 PM
To: davidmarkle at ...5068...
Subject: RE: [Snort-users] Mysql question


Oops I thought I put that in. Here is my snort.conf file settings:

output database: log, mysql, user=snort password=snort dbname=SNORT
host=10.1.10.2

Everything else is was left pretty much default.

Thanks,

Jared

-----Original Message-----
From: David Markle [mailto:davidmarkle at ...5068...]
Sent: Friday, April 25, 2003 1:21 PM
To: jared at ...9023...; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Mysql question


What is you output plugin line for database giving this error ???

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of
jared at ...9023...
Sent: Friday, April 25, 2003 4:08 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Mysql question


I am trying to get snort to work with mysql.

I am running
RH9.0
mysql-3.23.54a-11
mysql-devel-3.23.54a-11
snort-1.9.1-1snort
snort-mysql-1.9.1-1snort

With everything installed from RPM's. Snort seems to be working good until
modify the snort.conf file to have this:

WARNING: unknown output plugin: 'database'1310 Snort rules read...
1310 Option Chains linked into 139 Chain Headers
0 Dynamic rules



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list