Snort mailing list archives
RE: Newbie setup question
From: "Michael Steele" <michaels () silicondefense com>
Date: Wed, 20 Jun 2001 17:01:37 -0700
James, First of all MySQL is not easy to setup for the first time user. You stated you got an error (Syntax errors on ".") while configuring MySQL. You should have stopped at that point and found the fix before proceeding. The line you stated that you typed to configure MySQL by no means resembles the line in my how-to guide for installing Snort using Acid located at: http://www.silicondefense.com/techsupport/windows.htm Secondly you stated this: However, at this point I had to go back to the internet to download the SNORT1.7 source as the create_mysql was not included with prior Installations. This would have been nice to know first (this is the third fetch of zip files, perhaps a archive with these files could be included in the MySQL binaries, and reduce the amount of fetching for files required? My how-to file clearly states this: Note: Unfortunately there was no "contrib" folder supplied with version 1.7 of Snort for Win32. You will need to download the FULL source code for Snort from http://www.snort.org and extract the "create_mysql" from the "contrib" folder and place the "create_mysql" into the "C:\MySQL\Bin" folder. Thirdly you stated: First test: At this point I got complaints that snort was not compiled with MySQL support. You might want to go to http://www.sort.org and download and install the correct version of Snort that is compiled for MySQL. This will be a binary file that was compiled with the MySQL support for Snort that is ready to install. You made a few mistakes and I'm sure if you slowed down and read the how-to and didn't take things for granted that it would have been a smooth installation. If you go back and fix those problems I would be happy to help you get this going. -Mike Commercial Snort Support 1.866.41.SNORT Silicon Defense - www.silicondefense.com Michael Steele - Snort Support Technician -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of James Friesen Sent: Saturday, June 16, 2001 7:19 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Newbie setup question Hi folks. The documentation seems to need a rewrite since it's unable to answer my questions, and I've noticed that it's a common question with many other people trying to install this. I see where the problem is, but I don't know how to fix it. Using Michael Steele's Document I tried to follow his instructions for installing snort. I'm not sure of the advantages of using a SQL database in this fashion (if anyone can explain the benefits vs tcpdumps I'd be interesting in hearing) so I wanted to try it out. I'm realizing MySQL may require a bit more knowledge and familiarity than I have. Snort was working fine, and has been for 3 months. I have taken notes of the steps I have taken so far to install Snort according to this document, and I will include it here, so you can see where Michael's steps worked, and where they failed for me: Installing Snort according to Micheal Steele of SiliconDefense.com Ok, before starting process, currently have snort running and logging in tcpdump format . Downloaded all components as required. Installed MySQL according to the instructions. NOTE: Had a problem with the syntax of one of the parameters it required according to the MySQL documents.... - Enter the following query in the Query screen: GRANT ALL PRIVILEGES ON *.* to 'user name'@localhost identified by 'password' with grant option and click on the small green '>' on the top of the query screen. This did not work at all. Syntax errors on "." What is this parameter supposed to be. I'm assuming this will haunt me later. Continued with set up of MySQL.... Finished MySQL setup and running as noted. Created MySQL database for snort logs as directed ok. Snort was already installed so the next section was skipped. However, at this point I had to go back to the internet to download the SNORT1.7 source as the create_mysql was not included with prior installations. This would have been nice to know first (this is the third fetch of zip files, perhaps a archive with these files could be included in the MySQL binaries, and reduce the amount of fetching for files required? WinPcap was already installed so the next section was skipped. Testing Snort is where it broke completely. First test: At this point I got complaints that snort was not compiled with MySQL support. Second test: Ok, extracted the proper binary and installed it manually. Ok now it supports mysql, but a config error in the output module in snort.conf was broke and needed to be fixed. Done. Third test: ok, now we have a strange error that needs to be interpreted first. mysql_error: Access denied for user: '@MACH01' to database 'snort' Looks like the user name isn't being passed, and my guess is the haunt has come back to haunt me. Thanks in advance!! ----- James Friesen - Integration Specialist Lucretia Enterprises - info () lucretia ca www.lucretia.ca _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Newbie setup question James Friesen (Jun 14)
- <Possible follow-ups>
- Newbie setup question James Friesen (Jun 16)
- RE: Newbie setup question Michael Steele (Jun 20)