No subject


Thu Nov 23 16:36:19 EST 2017


# cd /usr/share/doc/snort-mysql/contrib.
# gunzip -d create_mysql.gz
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
mysql> create database snort_log;
mysql> connect snort_log;
mysql> source create_mysql
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to snort;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to snort at ...274...;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to acid;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to acid at ...274...;
mysql> create database snort_archive;
mysql> connect snort_archive;
mysql> source create_mysql
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_archive.* to acid;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_archive.* to acid at ...274...;
mysql> set password for 'snort'@'localhost'=password('');
mysql> set password for 'snort'@'%'=password('');
mysql> set password for 'acid'@'localhost'=password('');
mysql> set password for 'acid'@'%'=password('');
mysql> exit

Note that the directions are for Debian Linux, so YMMV.

-Anne

Cilin grabbed a keyboard and typed...
> Hi, I am newbie to snort and also have the problem of
> Snort not logging into the MySql database. I did the
> following steps, as recommended in one of the earlier
> emails but nothing helped.
>
> 1.  Created the database snort in MySQL with
> appropriate permissions for users and hosts.
> 2.  Ran the script contrib/create_mysql in the snort
> source code against the database as a user with the
> correct permissions.
> 3.   Uncommented and supplied user, password, database
> and host for the output database line for mysql in the
> snort.conf file.
> 4.   Restarted Snort.
>
> and still nothing
> Snort does log the scans (scan.log gets updated every
> time I run a scan over the network)
> However I haven't gotten a single error yet.
> (alert.ids is 0Kb)
>
> when I run snort from the command line via
> "snort -v -i 1" I get:
>
> 0 dropped packages
>
> Action stats:
> Alerts: 0
> Logs  : 0
> Passed: 0
>
> Wireless Stats, Fragmentation Stats, TCP Stream
> Reassembly stats have ONLY '0's.
>
> Please help, I have searched the internet and the
> forums for any clues for the past 2 weeks but didn't
> find anything.

--
              .-"".__."``".   Anne Carasik, System Administrator
 .-.--. _...' (/)   (/)   ``'   gator at cacr dot caltech dot edu
(O/ O) \-'      ` -="""=.    ',  Center for Advanced Computing Research
~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
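
Added example (not part of the message above and not taken from the Snort or ACID documentation): the same two accounts set up without the wildcard-host, empty-password entries shown in the session. It assumes MySQL 5.7+/MariaDB syntax, Snort and ACID running on the database host, and that the sensor account needs only INSERT, SELECT and UPDATE; values in <...> are placeholders.

```sql
-- Added example; placeholders in <...> must be replaced before use.
-- Assumption: Snort and ACID connect from the database host itself.
-- For a remote sensor, use that sensor's address instead of 'localhost'.

-- As posted in the session, the accounts accept connections from any host
-- with an empty password:
--   set password for 'snort'@'%' = password('');
--   set password for 'acid'@'%'  = password('');

-- Remove the wildcard-host accounts if they were created that way.
DROP USER IF EXISTS 'snort'@'%';
DROP USER IF EXISTS 'acid'@'%';

-- Recreate the local accounts with non-empty passwords.
DROP USER IF EXISTS 'snort'@'localhost';
DROP USER IF EXISTS 'acid'@'localhost';
CREATE USER 'snort'@'localhost' IDENTIFIED BY '<SNORT_DB_PASSWORD>';
CREATE USER 'acid'@'localhost'  IDENTIFIED BY '<ACID_DB_PASSWORD>';

-- The schema is loaded by root with `source create_mysql`, so the sensor
-- account does not need CREATE or DELETE at run time.
-- Assumption: INSERT, SELECT and UPDATE are enough for the database output
-- plugin; widen the grant only if your Snort version reports a
-- permission error.
GRANT INSERT, SELECT, UPDATE ON snort_log.* TO 'snort'@'localhost';

-- ACID creates its own tables and deletes or archives alerts, so it keeps
-- the full set of privileges from the original session, limited to one host.
GRANT CREATE, INSERT, SELECT, DELETE, UPDATE ON snort_log.*
    TO 'acid'@'localhost';
GRANT CREATE, INSERT, SELECT, DELETE, UPDATE ON snort_archive.*
    TO 'acid'@'localhost';

FLUSH PRIVILEGES;

-- Check the result: no row should show host '%', and each account should
-- list only the grants above.
SELECT user, host FROM mysql.user WHERE user IN ('snort', 'acid');
SHOW GRANTS FOR 'snort'@'localhost';
SHOW GRANTS FOR 'acid'@'localhost';
```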

