[Snort-users] Snort logging to encrypted MySQL (ssl) server?

Ben Nelson lists at ...10344...
Tue Nov 4 09:28:09 EST 2003


I have two ideas, both involving STunnel (www.stunnel.org):
1) Use STunnel to do the SSL portion for snort (i.e. only run STunnel on 
the sensor end of the connection)
2) Take MySQL SSL out of the picture completely and just use STunnel at 
both ends of the connection.  This is what I do and it works great.

--Ben



David DeCoster wrote:
> Hello all--
> 
> I have a question that is driving me nuts.  I have a remote snort sensor
> (running ver. 2.0.2 on Debian testing) that I need to have log to a
> MySQL database in my office (also on Debian testing and MySQL is version
> 4.0.3).
> 
> The sensor needs to send the MySQL traffic over a hostile network (aka.
> one I do not control), so I do not want the mysql traffic sent in the
> clear.
> 
> I have MySQL 4.0.3 installed on the sensor (client, libraries, and
> headers) and the database computer.  I enabled SSL (X.509 certificates)
> on the MySQL server and I am able to get an encrypted connection back to
> the database server using the command-line 'mysql' command.
> 
> When I tried to make this work with snort, it failed and I was not able
> to log in to the MySQL database (and snort rolls over and dies).
> 
> Does anyone have any ideas on how to make snort log to MySQL with SSL? 
> I've tried recompiling snort with the MySQL libraries and includes from
> 4.0.3, but nothing seems to work.
> 
> Thanks in advance,
> 
> -dave
> 
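
A sketch of option 2 above (stunnel at both ends) with certificate checks in both directions, added here as an illustration and not taken from either poster's setup. Host name, port 3307, file paths, and the snort credentials are assumed placeholders.

```ini
; ===== Sensor: stunnel in client mode (file paths are assumptions) =====
client = yes
; CA that issued the database host's stunnel certificate
CAfile = /etc/stunnel/ca.pem
; verify = 2: refuse the peer unless its certificate chains to CAfile
verify = 2
; Sensor's own certificate, so the database end can authenticate it
cert = /etc/stunnel/sensor-cert.pem
key = /etc/stunnel/sensor-key.pem

[mysql-out]
; snort connects here in cleartext; bound to loopback only
accept = 127.0.0.1:3306
; forwarded over TLS across the untrusted network (placeholder host/port)
connect = db.example.org:3307

; ===== Database host: stunnel in server mode (separate config file) =====
cert = /etc/stunnel/db-cert.pem
key = /etc/stunnel/db-key.pem
; Only accept sensors whose certificate chains to this CA
CAfile = /etc/stunnel/ca.pem
verify = 2

[mysql-in]
; TLS listener the sensor connects to; firewall it to the sensor's address
accept = 3307
; decrypted traffic goes to mysqld on loopback, so mysqld itself
; never has to listen on the external interface
connect = 127.0.0.1:3306

; ===== snort.conf on the sensor (placeholder credentials) =====
; Point the database output at the local stunnel endpoint. Use 127.0.0.1,
; not "localhost": the MySQL client library treats "localhost" as a
; Unix-socket connection and would bypass the tunnel.
;
; output database: log, mysql, user=snort password=CHANGEME dbname=snort host=127.0.0.1 port=3306
```

With this layout snort needs no SSL support in its MySQL client code, and the `verify = 2` lines are what stop an on-path host from terminating the tunnel itself.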





