Snort mailing list archives

RE: Only half off topic..maybe


From: "Harper, Patrick" <patrick.harper () phns com>
Date: Wed, 2 Jun 2004 08:58:10 -0500

There is a sql script that comes with snort (as well as a db extra
script) that you have to run first.  Here is one way of doing it.  The
paths might be different for you but the method is about the same.

/usr/local/mysql/bin/mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('new_password');
Query OK, 0 rows affected (0.25 sec)
mysql> create database snort;
Query OK, 1 row affected (0.01 sec)
mysql> grant INSERT,SELECT on root.* to snort@localhost;
Query OK, 0 rows affected (0.02 sec)
mysql> SET PASSWORD FOR snort@localhost=PASSWORD('new_password');
Query OK, 0 rows affected (0.25 sec)
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort@localhost;
Query OK, 0 rows affected (0.02 sec)
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to snort;
Query OK, 0 rows affected (0.02 sec)
mysql> exit
Bye

From the Snort source directory execute the following command (when working
with MySQL, if it asks

Then install the extra DB tables using the following command from the
contrib directory
(you will need to cd to contrib)
zcat snortdb-extra.gz |/usr/local/mysql/bin/mysql -p snort
Enter password:
Now you need to check and make sure that the snort DB was created
correctly
/usr/local/mysql/bin/mysql -p
Enter password:
mysql> SHOW DATABASES;
(You should see the following)
+------------+
| Database   |
+------------+
| mysql      |
| snort      |
| test       |
+------------+
3 rows in set (0.00 sec)
mysql> use snort
Database changed
mysql> SHOW TABLES;
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| flags            |
| icmphdr          |
| iphdr            |
| opt              |
| protocols        |
| reference        |
| reference_system |
| schema           |
| sensor           |
| services         |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
19 rows in set (0.00 sec)
Bye
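
The verification step above, scripted as an added example that is not part of the original message: it compares a database's table list against the 19 tables shown in the listing and names the missing ones, which is the condition behind the `Table 'snort_log.iphdr' doesn't exist` error quoted below. The function names and the `MYSQL` variable are assumptions of this sketch; the default client path is the one used in the message.

```sh
#!/bin/sh
# Added example (not from the original message). Function names and the
# MYSQL variable are assumptions made for this sketch.

# Table names copied from the SHOW TABLES listing in the message above.
EXPECTED_TABLES="data detail encoding event flags icmphdr iphdr opt
protocols reference reference_system schema sensor services sig_class
sig_reference signature tcphdr udphdr"

# Read table names on stdin (one per line) and print each expected table
# that is absent. Whole-line literal matching (-x -F) keeps a table such as
# "acid_event" from being counted as "event".
missing_tables() {
    present=$(cat)
    for t in $EXPECTED_TABLES; do
        printf '%s\n' "$present" | grep -qxF "$t" || printf '%s\n' "$t"
    done
}

# Query a live server and report. $1 is the database name (default: snort).
# -N drops the column header, -B gives plain output without table borders,
# -p prompts for the password as in the session above.
# Returns 0 if complete, 1 if tables are missing, 2 if the query failed.
check_snort_db() {
    db=${1:-snort}
    tables=$("${MYSQL:-/usr/local/mysql/bin/mysql}" -N -B -p \
        -e 'SHOW TABLES' "$db") || return 2
    missing=$(printf '%s\n' "$tables" | missing_tables)
    if [ -n "$missing" ]; then
        echo "database '$db' is missing:" $missing >&2
        return 1
    fi
    echo "database '$db' has all expected Snort tables"
}

# Usage: check_snort_db snort_log
```

Run `check_snort_db` with the database name the front end is configured to read (`snort_log` in the error message quoted below) rather than the default.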


-----Original Message-----
From: Jeff Price [mailto:misterunix () cox net] 
Sent: Tuesday, June 01, 2004 8:54 PM
To: snort-users () lists sourceforge net
Cc: Jeff Price
Subject: Re: [Snort-users] Only half off topic..maybe

Thank you for your interest in helping me. The issue is with a new
install with the latest downloads (acid, installed on LINUX Redhat 9.0.
During the installation process when the tables are created for the
database there are not enough tables being created, it only creates
four. Am I missing something in the documentation?  The documentation
speaks of the tables as though they should have been created,
unfortunately the documentation does not provide enough information,
other than grants, so I can't create the remaining tables on my own. I
have even looked at previous releases of acid and the sql script only
creates four tables at least in MySQL.

error message reads

The underlying database snort_log@localhost appears to be
incomplete/invalid Database ERROR:Table 'snort_log.iphdr' doesn't exist


It might be an older version. Only alert databases created by Snort
1.7-beta0 or later are supported

Thanks in advance

Jeff Price



----- Original Message -----
From: "Harper, Patrick" <patrick.harper () phns com>
To: "Jeff Price" <jeff () misterunix com>;
<snort-users () lists sourceforge net>
Sent: Tuesday, June 01, 2004 12:32 PM
Subject: RE: [Snort-users] Only half off topic..maybe


What problems are you having?


-----Original Message-----
From: Jeff Price [mailto:jeff () misterunix com]
Sent: Thursday, May 27, 2004 11:21 AM
To: snort-users () lists sourceforge net
Cc: Jeff Price
Subject: [Snort-users] Only half off topic..maybe

I am having an issue using ACID with SNORT, it is an ACID issue, what
discussion group do I go to for help with ACID?

My apologies for posting partially off topic.

Thanks
Jeff Price


++++++++++++++++++++++++++++++++++++++++++++++++++++++





-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





