[Snort-users] remote sensor config

AJ Butcher, Information Systems and Computing Alex.Butcher at ...11254...
Thu Apr 8 00:47:00 EDT 2004


--On 08 April 2004 10:54 +0800 Che Wan Zaharudin <azhar at ...11599...> wrote:

> Hi,
>
> On your management server, grant permission to database for user
> 'my_username' to the database snort at ...11601... Try this command:
>
> mysql> grant all privileges on snort.* to myusername at ...263... identified
> by 'my_password';

ITYM:

grant all privileges on snort.* to my_username at ...11602... 
identified by 'my_password';

...since the sensor.ip.addr.ess will be the source address of any database 
connections initiated by Snort.

Incidentally, snort doesn't require all privs; INSERT, SELECT, UPDATE 
should be sufficient, I think.

> Thanks.

Best Regards,
Alex.

>
> -----Original Message-----
> From: Zondlo, Zack [mailto:ZZondlo at ...11597...]
> Sent: Thursday, April 08, 2004 5:55 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] remote sensor config
>
> hello all,
>
> i am trying to get my remote sensor to report to my management server, so
> far with no luck. the management server is up with acid and snortcenter
> and running fine, with snort running and reporting fine as well. mysql
> client and snortcenter client are on the sensor; snortcenter works fine,
> i can stop and start the sensor from the management box, push rules etc .
> i have tried the following versions of the output line in snort.conf on
> the sensor server:
> output database: alert, mysql, host=127.0.0.1 dbname=snort
> user=my_username password=my_password sensor_name=sensor, encoding ascii
> output database: alert, mysql, host=10.100.1.240 dbname=snort
> user=my_username password=my_password sensor_name=sensor, encoding ascii
> with the second one the sensor and the management server have a
> conversation of 10 packets going to port 3306 on the management server,
> which is correct. when snort starts, then nothing. the first config gets
> me nothing at all. snortcenter talks all the time on port 2525.
> the documentation i've read says to use the first line listed. if this is
> correct, then how do i get the sensor to know where management is?
> basically, i guess, how do i get this to work?
> thanks in advance,
> zack
>
>
> NHSXu??.)?y
> zTm't!:?'-+xwj[?vhj?vvw
>
>
> *****Confidentiality Notice*****************
> This message contains confidential
> information and is intended only for the
> individual named.If you are not the named
> addressee you should not disseminate,
> distribute or copy this e-mail.  Please
> notify the sender immediately by e-mail if
> you have received this e-mail by mistake and
> delete this e-mail from your system.
> ********************************************
>
>
> *****Confidentiality Notice*****************
> This message contains confidential
> information and is intended only for the
> individual named.If you are not the named
> addressee you should not disseminate,
> distribute or copy this e-mail.  Please
> notify the sender immediately by e-mail if
> you have received this e-mail by mistake and
> delete this e-mail from your system.
> ********************************************
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id70&alloc_id638&op?
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list
>



-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9






More information about the Snort-users mailing list