Snort mailing list archives
fail to access mysql
From: "honda" <honda () cnnic cn>
Date: Thu, 22 May 2003 15:34:32 +0800
Hi all,

I installed snort-1.8.3 with mysql-8.23 on linux 8, but I encountered a problem when trying the following command:

[root@bugzilla bin]# /opt/ids/bin/snort -c /opt/ids/etc/snort.d/snort.conf
Log directory = /var/log/snort

Initializing Network Interface eth1

        --== Initializing Snort ==--
Decoding Ethernet on interface eth1
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /opt/ids/etc/snort.d/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
No arguments to stream4_reassemble, setting defaults:
    Reassemble client: ACTIVE
    Reassemble server: INACTIVE
    Reassemble ports: 21 23 25 53 80 143 110 111 513
    Reassembly alerts: ACTIVE
Back Orifice detection brute force: DISABLED
Using LOCAL time
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: database name = snort
database:          port = 3306
database:          host = localhost
database: password is set
database:   sensor name = 159.226.7.50
database:     sensor id = 1
database: schema version = 104
database: using the "log" facility
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: database name = snort
database:          host = localhost
database:   sensor name = 159.226.7.50
database: mysql_error: Access denied for user: 'snort@localhost' (Using password: NO)
Fatal Error, Quitting...

HERE IS PART OF THE CONFIGURE FILE OF SNORT

output database: log, mysql, user=snort dbname=snort port=3306 host=localhost password=12345678

ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=snort dbname=snort host=bugzilla.cnnic.net.cn
}

I CHANGED THE PASSWORD ABOVE TO AN INCORRECT ONE, AND IT SAYS:

database: mysql_error: Access denied for user: 'snort@localhost' (Using password: YES)
Fatal Error, Quitting..

I ALSO ADDED THE password parameter IN THE ruletype redalert { ... } SECTION, SOMETHING LIKE:

ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=snort dbname=snort host=localhost password=12345678
}

BUT IT COMPLAINS:

ERROR line /opt/ids/etc/snort.d/snort.conf (414): Not an output plugin declaration: redalert
Fatal Error, Quitting..

I ALSO CHANGED THE user PARAMETERS FROM snort TO root, AND THE host PARAMETERS TO 127.0.0.1, AND GRANTED SNORT@127.0.0.1, SNORT@LOCALHOST AND ROOT@127.0.0.1, ROOT@LOCALHOST USE OF THE SNORT DATABASE. VARIED COMBINATIONS WERE TRIED, BUT THE PROBLEM STILL EXISTS.

AS FOR MYSQL, I CREATED THE DATABASE AND TABLES WITH THE GUIDE OF SNORT AND DID THE FOLLOWING:

[root@bugzilla bin]# ./mysql -u snort -h localhost -p12345678 snort
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 26 to server version: 3.23.49-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| encoding         |
| event            |
| iphdr            |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
13 rows in set (0.00 sec)

AT FIRST I ONLY GRANTED INSERT AND SELECT ON THE SNORT DATABASE, BUT THE PROBLEM STILL EXISTS. SO I EXPANDED ITS PRIVILEGES TO ALL.

HERE IS THE DISPLAY WITH THE show grants COMMAND

mysql> show grants for snort@localhost;
+----------------------------------------------------------------------------------------------------------------+
| Grants for snort@localhost                                                                                     |
+----------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'snort'@'localhost' IDENTIFIED BY PASSWORD '4448dd9a39ab97e1' WITH GRANT OPTION |
| GRANT ALL PRIVILEGES ON snort.* TO 'snort'@'localhost'                                                         |
+----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

HERE IS THE CONTENTS OF /etc/hosts

[root@bugzilla bin]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost localhost
159.226.7.50 bugzilla.cnnic.net.cn bugzilla
159.226.7.75 zhuxiaolei.cnnic.net.cn zhuxiaolei
159.226.7.81 honda.cnnic.net.cn honda
159.226.7.115 loghost

HERE IS PART OF acid_conf.php

$alert_dbname = "snort";
$alert_host = "159.226.7.50";
$alert_port = "3306";
$alert_user = "snort";
$alert_password = "12345678";

/* Archive DB connection parameters */
$archive_dbname = "snort_archive";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "root";
$archive_password = "mypassword";

UNTIL NOW, I WAS DEEPLY PUZZLED BY THIS PROBLEM. I ALSO DROPPED THE SNORT DATABASE AND CREATED A NEW ONE, AND CREATED TABLES AND USERS WITH THE GUIDE OF SNORT INSTALLATION, STEP BY STEP, SERIOUSLY, DEVOUTLY, BUT NOTHING PAID OFF DESPITE MY HARD WORK.

CAN ANYBODY HELP ME? THANKS.
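
The startup log in the post shows the database output plugin being configured twice, and only the first pass prints "password is set"; the quoted snort.conf likewise carries one `output database:` line with `password=` and one, inside `ruletype redalert`, without it. As an added example (not part of the original post and not Snort code), this Python script lists every `output database:` directive in a snort.conf and flags those that would connect with no password; the function names and the sample configuration are constructed here.

```python
import re

# Constructed sample, modelled on the snort.conf excerpt quoted in the post.
SAMPLE_CONF = """\
output database: log, mysql, user=snort dbname=snort port=3306 host=localhost password=12345678
ruletype redalert
{
  type alert
  output alert_syslog: LOG_AUTH LOG_ALERT
  output database: log, mysql, user=snort dbname=snort host=bugzilla.cnnic.net.cn
}
"""

DIRECTIVE = re.compile(r"^\s*output\s+database\s*:\s*(.*)$")
RULETYPE = re.compile(r"^\s*ruletype\s+(\w+)")


def audit_database_outputs(conf_text):
    """Return one finding per 'output database:' directive, in file order."""
    findings, scope, pending = [], "global", None
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue                      # skip commented-out lines
        m = RULETYPE.match(line)
        if m:
            pending = m.group(1)          # block name; body starts at '{'
        if "{" in line and pending:
            scope, pending = pending, None
        d = DIRECTIVE.match(line)
        if d:
            # key=value pairs follow the "log, mysql," prefix
            params = dict(p.split("=", 1) for p in d.group(1).split() if "=" in p)
            # record only whether a password is present, never the secret
            findings.append({"line": lineno, "scope": scope,
                             "user": params.get("user"), "host": params.get("host"),
                             "has_password": bool(params.get("password"))})
        if "}" in line:
            scope = "global"
    return findings


def missing_password(findings):
    """Directives that would connect with no password supplied."""
    return [f for f in findings if not f["has_password"]]


if __name__ == "__main__":
    for f in audit_database_outputs(SAMPLE_CONF):
        state = "password set" if f["has_password"] else "NO PASSWORD"
        print(f"line {f['line']} [{f['scope']}] {f['user']}@{f['host']}: {state}")
```

Run against a real file by passing its contents to `audit_database_outputs()`; the report names the enclosing `ruletype` block so the directive can be located without echoing any credential.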