[Snort-users] Snort logging to encrypted MySQL (ssl) server?

jon baer security at ...9153...
Tue Nov 4 09:11:11 EST 2003

you could try to install ssh on the server/client and tunnel the traffic ...

ssh -L 3306:server.com:3306 user at ...5168...

then change your snort.conf to point to localhost ... i think the problem is
just that the plugin does not handle ssl correctly.

- jon

----- Original Message -----
From: "David DeCoster" <decoster at ...10463...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, November 04, 2003 11:33 AM
Subject: [Snort-users] Snort logging to encrypted MySQL (ssl) server?

> Hello all--
> I have a question that is driving me nuts.  I have a remote snort sensor
> (running ver. 2.0.2 on Debian testing) that I need to have log to a
> MySQL database in my office (also on Debian testing and MySQL is version
> 4.0.3).
> The sensor needs to send the MySQL traffic over a hostile network (aka.
> one I do not control), so I do not want the mysql traffic sent in the
> clear.
> I have MySQL 4.0.3 installed on the sensor (client, libraries, and
> headers) and the database computer.  I enabled SSL (X.509 certificates)
> on the MySQL server and I am able to get an encrypted connection back to
> the database server using the command-line 'mysql' command.
> When I tried to make this work with snort, it failed and I was not able
> to login to the MySQL database (and snort rolls over and dies).
> Does anyone have any ideas on how to make snort log to MySQL with SSL?
> I've tried recompiling snort with the MySQL libraries and includes from
> 4.0.3, but nothing seems to work.
> Thanks in advance,
> -dave
> --
> David DeCoster <decoster at ...10464...>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?   SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list