[Snort-users] logging to a remote database with mudpit

Lance Boon lboon at ...11799...
Thu May 13 10:09:00 EDT 2004


Try this

GRANT INSERT,SELECT ON snort.* TO snort@'%' IDENTIFIED BY "password";

http://dev.mysql.com/doc/mysql/en/GRANT.html
http://dev.mysql.com/doc/mysql/en/Connection_access.html
http://dev.mysql.com/doc/mysql/en/Adding_users.html


-----Original Message-----
From: Maetzky, Steffen (Extern) [mailto:Steffen.Maetzky at ...11508...] 
Sent: Thursday, May 13, 2004 11:08 AM
To: Lance Boon
Subject: AW: [Snort-users] logging to a remote database with mudpit

1. Lets say that the remote-host = sensor1, other host = sensor2 and I want
both logging to sensor1.

Trying to connect from sensor1 to sensor1 (local) 	=> works
Trying to connect from sensor2 to sensor1 		=> failed


Shutting down my firewall on sensor1 and retrying	=> still the same

2. Working on sensor1: I have given the grants for sensor2 in that way:

mysql -p
use snort;
grant INSERT,SELECT on snort.* to snort; <= thinking that this give the
grants to snort at other hosts  
flush privileges; 

   

-----Ursprüngliche Nachricht-----
Von: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] Im Auftrag von Lance Boon
Gesendet: Donnerstag, 13. Mai 2004 17:28
An: snort-users at lists.sourceforge.net
Betreff: RE: [Snort-users] logging to a remote database with mudpit

I'm confused now, you say you tried this from your remote host and it works,
but trying the same from the other host failed??? Have you granted the
"other" host privileges on the MySql server?

-----Original Message-----
From: Maetzky, Steffen (Extern) [mailto:Steffen.Maetzky at ...11508...]
Sent: Thursday, May 13, 2004 9:45 AM
To: Lance Boon
Subject: AW: [Snort-users] logging to a remote database with mudpit

Trying this from my remote host works.
Trying the same from the other host failed 

-----Ursprüngliche Nachricht-----
Von: Lance Boon [mailto:lboon at ...11799...]
Gesendet: Donnerstag, 13. Mai 2004 16:24
An: Maetzky, Steffen (Extern)
Betreff: RE: [Snort-users] logging to a remote database with mudpit

Have you tried just logging into the mysql server from your remote host?
For example mysql -h192.168.1.1 -usnort -p snort Just substitute the ip I
put in there for your mysql server's ip. 

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Maetzky,
Steffen (Extern)
Sent: Thursday, May 13, 2004 8:54 AM
To: 'Snort-users at lists.sourceforge.net'
Subject: [Snort-users] logging to a remote database with mudpit

Hi,

I try to put data from a host to a mysql-database on a remote one with
mudpit but I get the following error message:

	Host 'hostname' is not allowed to connect to this MySQL Server
	error initializing ".../mp_acid_out.so": retrying unrecognized
parameter "server"

On the remote-host I have given the grants:

	grant INSERT,SELECT on snort.* to snort identified by 'password';
	flush privileges;

On the local host I use (mudpit.conf):

	spool "/var/log/snort" {
		lock = "mysql"
		delete_processed
		user="root"
		output=".../mp_acid_out.so", "server <remote server ip>,
user snort, password <password>, database snort, interface eth1"
	}

I don't know what's going wrong.
Any ideas?

Thanks in advance,

Steffen


-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for
SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for
SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id%62&alloc_ida84&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list