[Snort-users] Snot Newb Question

Randy Walinga randy at ...11621...
Mon Apr 19 13:41:05 EDT 2004


Shaun,

It could be two things.  You have the wrong password or your mysql snort
user isn't allowed access to the snort db from localhost.  You should be
able to fix both with one command.

You need your mysql root password.  Assuming your db name is snort and your
mysql username is snort and the password is secret, then do something like
this from the MySQL system :

mysql -u root -p mysql
<enter mysql root password>
grant select,insert,update,delete on snort.* to 'snort'@'localhost'
identified by 'secret';
flush privileges;
quit;

Randy.



-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Shaun Gray
Sent: April 19, 2004 3:22 PM
To: Harper, Patrick; bryan.irvine at ...9066...
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Snot Newb Question


Patrick,

I am using your write up for the Redhat installation and I followed it
exactly.  I commented out that particular line and I get this message

"Error: database: mysql_error. Access Denied for use: snort at ...274...
(using password: YES)"

When I run "snort -c /etc/snort/snort.conf"

If I am using the wrong password is there a way to reset this.

Thanks,

Shaun
-----Original Message-----
From: Harper, Patrick [mailto:patrick.harper at ...11593...]
Sent: Monday, April 19, 2004 2:43 PM
To: Shaun Gray; Bryan Irvine
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Snot Newb Question

Uncomment the output line (remove the #)
# output database: log, mysql, user=snort password=secret dbname=snort
host=localhost


Patrick S. Harper | CISSP RHCT MCSE
Information Security Engineer
patrick.harper at ...11593...


-----Original Message-----
From: Shaun Gray [mailto:SGray at ...11672...]
Sent: Monday, April 19, 2004 10:52 AM
To: Bryan Irvine
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Snot Newb Question

I'm not sure which line is the DB one so I have attached the entire
file.  Opening it via IE works.

-----Original Message-----
From: Bryan Irvine [mailto:bryan.irvine at ...9066...]
Sent: Monday, April 19, 2004 12:07 PM
To: Shaun Gray
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snot Newb Question

could you post the database line of your snort.conf?

--Bryan

On Mon, 2004-04-19 at 08:24, Shaun Gray wrote:
> Stats and alerts are showing up when I run "snort -c
> /etc/snort/snort.conf".  But when I look at ACID no activity shows up.

> I have a feeling this is something very simple but, I can't put my
> finger on it.  Can anyone lend some advice on this issue?
>
>
>
> Thanks,
>
>
>
> Shaun Gray
>
> Network Engineer
>
> Medford Township Board of Education
>
>
>
>






Disclaimer:
This electronic message, including any attachments, is confidential and
intended solely for use of the intended recipient(s). This message may
contain information that is privileged or otherwise protected from
disclosure by applicable law. Any unauthorized disclosure,
dissemination, use or reproduction is strictly prohibited. If you have
received this message in error, please delete it and notify the sender
immediately.








More information about the Snort-users mailing list