[Snort-users] Remote Mysql

Snort Snort at ...13151...
Mon Mar 21 09:32:22 EST 2005


On your database, you will need to add login access from your sensor IP
address.

 

Here is the mysql sql commands to add a user to your db

http://dev.mysql.com/doc/mysql/en/adding-users.html

 

here is a typical strings for IDS agents

 

GRANT SELECT,INSERT,UPDATE ON snort.* TO idsagent@'%'  IDENTIFIED BY
'some_pass';
 
The % in idsagent@%, says connections can be made from anywhere using
this account.

 

Or you can specify your host in subsitution

 

Michael Brown

  _____  

From: Salil D. [mailto:salildumbre at ...3390...] 
Posted At: Saturday, March 19, 2005 4:11 AM
Posted To: Snort
Conversation: RE: RE: [Snort-users] Remote Mysql
Subject: Re: RE: RE: [Snort-users] Remote Mysql
  


Thanks Michael,
The compilation was quite fine.
but I am facing these problems

database: compiled support for ( mysql )
database: configured to use mysql
database:          user = root
database: database name = snort
database:          host = 192.168.1.59
database:  sensor name = 203.109.100.153
ERROR: database: mysql_error: Access denied for user: '@192.168.1.20' to
database 'snort'
Fatal Error, Quitting..

Kindly let me know of the required actions.

Thanks,

Salil.


On Fri, 18 Mar 2005 Snort wrote :
>You just need the mysql libs, so yes, compile snort with the -mysql and
>it will find the mysql libs if you have them in the default location.
>Otherwise you may have to specify the location. As a suggestion, to be
a
>little bit more secure, I would run stunnel between the 2 devices and
>let mysql run on top of that.
>
>
>
>Thanks,
>
>Michael Brown
>
>  _____
>
> From: Salil D. [mailto:salildumbre at ...3390...]
>Posted At: Friday, March 18, 2005 12:27 AM
>Posted To: Snort
>Conversation: RE: [Snort-users] Remote Mysql
>Subject: Re: RE: [Snort-users] Remote Mysql
>
>
>
>Hello Michael,
>
>I am installing snort on proxy and mysql on other host
>I probably need mysql client to run on the snort host
>any ideas ?
>
>Regards,
>Salil D.
>
>
>On Fri, 18 Mar 2005 Snort wrote :
> >Not necessary if you already have mysql compiled in, just change it
> from
> >localhost to the remote host IP address
> >
> >output database: alert, mysql, user=unhuh dbname=IDS
sensor_name=pffft
> >sid=11 password=freewilly host=10.0.0.1
> >
> >Thanks,
> >Michael Brown
> >  _____
> >
> > From: snort-users-admin at lists.sourceforge.net
> >[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Salil
D.
> >Posted At: Thursday, March 17, 2005 7:39 AM
> >Posted To: Snort
> >Conversation: [Snort-users] Remote Mysql
> >Subject: [Snort-users] Remote Mysql
> >
> >
> >Hello there,
> >
> >I was able to run snort with mysql both on same host
> >I want to configure snort with mysql on remote machine
> >
> >what should be used with ./configure --with-mysql=?????????
> >
> >
> >Thanks to all
> >
> >Salil.
> >
> >
> >  <http://clients.rediff.com/signature/track_sig.asp>
>
>
>
>  <http://clients.rediff.com/signature/track_sig.asp>
>



 <http://clients.rediff.com/signature/track_sig.asp> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050321/6190058c/attachment.html>


More information about the Snort-users mailing list