[Snort-users] Snort sensor and mysql setup

Harper, Patrick patrick.harper at ...11593...
Mon May 10 19:22:03 EDT 2004


That should do it for you.  After you give the remote snort user
permissions on the mysql box (make sure you have the port open for
mysql) then it should work fine.  I will be adding this to the next
revision of that document.


-----Original Message-----
From: Lance Boon [mailto:lbtf73_99 at ...131...] 
Sent: Thursday, May 06, 2004 9:45 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort sensor and mysql setup

I'm having a problem getting snort Version 2.1.2 (Build 25)set to log to
a remote mysql server, I've followed Patrick Harpers guide in setting up
the apache, mysql server, now I want the sensor setup on a seperate
machine to log back to the mysql/apache server. I know where the problem
lies, just unsure on how to correct it. 

ERROR: database: mysql_error: Access denied for user:
'snort at ...11780...' (Using password: YES) Fatal Error, Quitting..

I understand that snort can't login to the remote mysql server, If I try
to enter the following

[root at ...11781... snortcenter]# mysql -h10.0.16.16 -usnort -p snort Enter
password:
ERROR 1045: Access denied for user: 'snort at ...11780...'
(Using password: YES)

If I would login to the mysql server directly and 

SET PASSWORD FOR snort at ...11780...=PASSWORD 'new_password');

Then grant the permissions that are needed:

grant CREATE, INSERT, SELECT, DELETE, UPDATE on
snort.* to snort at ...11780...;

grant CREATE, INSERT, SELECT, DELETE, UPDATE on
snort.* to snort;

Would that take care of my problem?

If anybody has a better suggestion for setting this up any assistance
would be greatly appreciated, I'm using snort Version 2.1.2 on Fedora
core 1. Eventually I would like to have 6 sensors logging to this
database.
But right now just need to get the one working.

Thanks
Lance


	
		
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
http://hotjobs.sweepstakes.yahoo.com/careermakeover 


-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software Learn developer
strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher
performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. 







More information about the Snort-users mailing list