[Snort-users] Snort logging to encrypted MySQL (ssl) server?
decoster at ...10463...
Tue Nov 4 10:38:04 EST 2003
Yup, the ssl encrypted mysql connection works fine with the command line
client (the "mysql -h foo.bar.com -u anyone -p") connects and passes
encrypted data, just like the mysql documentation says it should.
The only thing that caught me, was that I hadn't run the scripts to
update the grant tables. After I did that, I just redid the grant for
the snort user, added "REQUIRE SSL", created the appropriate
certificates and the mysql client was happy.
I then rebuilt the snort 2.0.2 (and now 2.0.3) with the newer mysql
source (revision 4.0.3 according to debian's dpkg output) and what I see
ERROR: database: mysql_error: Access denied for user: \
'snort at ...10469...' (Using password: YES)
When I remove the REQUIRE SSL, things are happy again and it connects to
the database with no problems.
Also, I strace'd the snort startup and the execution of the 'mysql'
command and the mysql client looks for the ssl certificates, but snort
does not (it just tries username/password).
On Tue, 2003-11-04 at 05:59, jon baer wrote:
> do you have a normal ssl connection setup (like with the mysql client) that
> works correctly without using snort? it may be that you just need to
> recompile snort with that version of mysql (wild guess) ... but i know you
> would need to alter the grant tables as they do need ssl options:
> im going to attempt this later to see if i can get it working as if only
> used ssh tunneling til now.
> - jon
David DeCoster <decoster at ...10463...>
More information about the Snort-users