[Snort-users] Snort logging to encrypted MySQL (ssl) server?
security at ...9153...
Tue Nov 4 09:11:11 EST 2003
you could try to install ssh on the server/client and tunnel the traffic ...
ssh -L 3306:server.com:3306 user at ...5168...
then change your snort.conf to point to localhost ... i think the problem is
just that the plugin does not handle ssl correctly.
----- Original Message -----
From: "David DeCoster" <decoster at ...10463...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, November 04, 2003 11:33 AM
Subject: [Snort-users] Snort logging to encrypted MySQL (ssl) server?
> Hello all--
> I have a question that is driving me nuts. I have a remote snort sensor
> (running ver. 2.0.2 on Debian testing) that I need to have log to a
> MySQL database in my office (also on Debian testing and MySQL is version
> The sensor needs to send the MySQL traffic over a hostile network (aka.
> one I do not control), so I do not want the mysql traffic sent in the
> I have MySQL 4.0.3 installed on the sensor (client, libraries, and
> headers) and the database computer. I enabled SSL (X.509 certificates)
> on the MySQL server and I am able to get an encrypted connection back to
> the database server using the command-line 'mysql' command.
> When I tried to make this work with snort, it failed and I was not able
> to login to the MySQL database (and snort rolls over and dies).
> Does anyone have any ideas on how to make snort log to MySQL with SSL?
> I've tried recompiling snort with the MySQL libraries and includes from
> 4.0.3, but nothing seems to work.
> Thanks in advance,
> David DeCoster <decoster at ...10464...>
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive? Does it
> help you create better code? SHARE THE LOVE, and help us help
> YOU! Click Here: http://sourceforge.net/donate/
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users