[Snort-users] Snort logging to encrypted MySQL (ssl) server?

David DeCoster decoster at ...10463...
Tue Nov 4 10:38:04 EST 2003


Yup, the ssl encrypted mysql connection works fine with the command line
client (the "mysql -h foo.bar.com -u anyone -p") connects and passes
encrypted data, just like the mysql documentation says it should.  

The only thing that caught me, was that I hadn't run the scripts to
update the grant tables.  After I did that, I just redid the grant for
the snort user, added "REQUIRE SSL", created the appropriate
certificates and the mysql client was happy.

I then rebuilt the snort 2.0.2 (and now 2.0.3) with the newer mysql
source (revision 4.0.3 according to debian's dpkg output) and what I see
is this:

ERROR: database: mysql_error: Access denied for user: \
'snort at ...10469...' (Using password: YES)

When I remove the REQUIRE SSL, things are happy again and it connects to
the database with no problems.

Also, I strace'd the snort startup and the execution of the 'mysql'
command and the mysql client looks for the ssl certificates, but snort
does not (it just tries username/password).

-dave

On Tue, 2003-11-04 at 05:59, jon baer wrote:
> do you have a normal ssl connection setup (like with the mysql client) that
> works correctly without using snort?  it may be that you just need to
> recompile snort with that version of mysql (wild guess) ... but i know you
> would need to alter the grant tables as they do need ssl options:
> 
> http://www.mysql.com/doc/en/Secure_GRANT.html
> 
> im going to attempt this later to see if i can get it working as if only
> used ssh tunneling til now.
> 
> - jon
-- 
David DeCoster <decoster at ...10463...>





More information about the Snort-users mailing list