Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort - MySql - ACID and multiple sensors

From: "Michael Steele" <michaels () silicondefense com>
Date: Wed, 19 Sep 2001 07:00:02 -0700
Bill,

All you need to do is, specify the appropriate hostname in his 'output
database' line, and then grant select and insert privilage to
snort@remotehost, where snort is the name of your database user and
remotehost is the name of the machine which is remote to the mysql box.

-Mike
 
        Commercial Snort Support
              1.866.41.SNORT
Silicon Defense - www.silicondefense.com
Michael Steele - Snort Support Technician

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of
bhayes () unlnotes unl edu
Sent: Monday, September 17, 2001 1:34 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort - MySql - ACID and multiple sensors

I am having some trouble getting snort to log to a mysql server.  One
remote snort host did properly connect to the mysql host once. ACID did
correctly identify the sensor ID and its interface once. However, the
database did not pick up any alerts, even after using a nework-based
vulnerability scanner.

The sensor has subsequently refused to connect to the mysql host.  Snort
complains that it is unable to connect to the Mysql server and then
times
out.

Setting up the sensor and the mysql server as standalone snort hosts
works
well.  Snort logs everyhing from the proper interface.

Any ideas of where to look for this problem?

I am not yet subscribed to the list, so please respond directly.

Many thanks!

Bill...


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: