[Snort-users] snort 2.8.6.0 inline (remote sensor) won't connect to mysqld

Paul Schmehl pschmehl_lists at ...14358...
Wed May 12 11:01:27 EDT 2010


Unified2.  Barnyard2.

Unified and barnyard are both obsolete.

--On Tuesday, May 11, 2010 20:50:09 -0400 Joel Esler <jesler at ...1935...> 
wrote:

> Possibly. Check your alerts.
>
> However, what you should do, especially in inline mode, is from Snort,
> log to unified.
>
> Then use barnyard to read the unified files and input them into the database.
>
> On Tuesday, May 11, 2010, Lawrence R. Hughes, Sr. <lhughes at ...14822...>
> wrote:
>>
>>
>>
>>
>>
>>
>>
>> Hi,
>>
>> We have snort 2.8.6.0 inline working with a local
>> snort database and reporting works.
>> When we try to have the same sensor now
>> connect to a remote snort mysq database, it won't connect?
>>
>> We have other snort 2.8.6.0 (non-inline) sensors
>> connect to the same mysql server and they work fine.
>> All permissions have been entered into the mysql
>> database to allow that remote inline sensor to connect.
>>
>> When we run snort 2.8.6.0 in the non-inline mode on
>> the same machine, it can connect to the remote database?
>>
>> Is the inline sensor blocking our
>> connection to the database?
>>
>>  Thanks,
>> Larry
>>
>>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson





More information about the Snort-users mailing list