Snort mailing list archives
Re: MySql and Snort
From: Anne Carasik <gator () cacr caltech edu>
Date: Wed, 5 Feb 2003 15:05:57 -0800
Hi Cilin,

This helped me the best for getting mysql and snort to talk with one another:

From http://online.securityfocus.com/infocus/1640:

    # cd /usr/share/doc/snort-mysql/contrib
    # gunzip -d create_mysql.gz
    # mysql -u root -p
    Enter password:
    Welcome to the MySQL monitor. Commands end with ; or \g.
    mysql> create database snort_log;
    mysql> connect snort_log;
    mysql> source create_mysql
    mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to snort;
    mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to snort@localhost;
    mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to acid;
    mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to acid@localhost;
    mysql> create database snort_archive;
    mysql> connect snort_archive;
    mysql> source create_mysql
    mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_archive.* to acid;
    mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_archive.* to acid@localhost;
    mysql> set password for 'snort'@'localhost'=password('');
    mysql> set password for 'snort'@'%'=password('');
    mysql> set password for 'acid'@'localhost'=password('');
    mysql> set password for 'acid'@'%'=password('');
    mysql> exit

Note that the directions are for Debian Linux, so YMMV.

-Anne

Cilin grabbed a keyboard and typed...
Hi,

I am a newbie to snort and also have the problem of Snort not logging into the MySql database. I did the following steps, as recommended in one of the earlier emails, but nothing helped.

1. Created the database snort in MySQL with appropriate permissions for users and hosts.
2. Ran the script contrib/create_mysql in the snort source code against the database as a user with the correct permissions.
3. Uncommented and supplied user, password, database and host for the output database line for mysql in the snort.conf file.
4. Restarted Snort.

And still nothing. Snort does log the scans (scan.log gets updated every time I run a scan over the network). However, I haven't gotten a single error yet (alert.ids is 0Kb).

When I run snort from the command line via "snort -v -i 1" I get:

    0 dropped packages
    Action stats:
    Alerts: 0
    Logs : 0
    Passed: 0

Wireless Stats, Fragmentation Stats, TCP Stream Reassembly stats have ONLY '0's.

Please help, I have searched the internet and the forums for any clues for the past 2 weeks but didn't find anything.
--
Anne Carasik, System Administrator
gator at cacr dot caltech dot edu
Center for Advanced Computing Research
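
Added example (not part of the original message or of the SecurityFocus article it quotes): a small Python check that reads the GRANT and SET PASSWORD statements as they appear in the session above and lists the accounts that are granted from any host (MySQL treats an account written without a host part as user@'%') or that are given an empty password. The function names and the wording of the findings are this example's own.

```python
import re

# Statements copied from the session on this page (passwords are empty as shown there).
SESSION = """\
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to snort;
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to snort@localhost;
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to acid;
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_log.* to acid@localhost;
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_archive.* to acid;
grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_archive.* to acid@localhost;
set password for 'snort'@'localhost'=password('');
set password for 'snort'@'%'=password('');
set password for 'acid'@'localhost'=password('');
set password for 'acid'@'%'=password('');
"""

GRANT_RE = re.compile(
    r"grant\s+(?P<privs>.+?)\s+on\s+(?P<scope>\S+)\s+to\s+(?P<acct>[^;\s]+)", re.I)
SETPW_RE = re.compile(
    r"set\s+password\s+for\s+(?P<acct>[^=\s]+)\s*=\s*password\(\s*'(?P<pw>[^']*)'\s*\)", re.I)

def split_account(acct):
    """Return (user, host); a missing host part means '%' (any host) in MySQL."""
    user, _, host = acct.replace("'", "").partition("@")
    return user, host or "%"

def audit(sql):
    """Return (user, host, finding) tuples for wildcard-host grants and empty passwords."""
    findings = []
    for stmt in filter(None, (s.strip() for s in sql.split(";"))):
        m = GRANT_RE.match(stmt)
        if m:
            user, host = split_account(m["acct"])
            if host == "%":
                findings.append((user, host, "granted from any host on " + m["scope"]))
            continue
        m = SETPW_RE.match(stmt)
        if m and m["pw"] == "":
            findings.append((*split_account(m["acct"]), "empty password"))
    return findings

if __name__ == "__main__":
    for finding in audit(SESSION):
        print(finding)
```

On a sensor where Snort, MySQL and ACID share one host, only the @localhost accounts are needed, and each SET PASSWORD should carry a real secret that matches the output database line in snort.conf.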