Snort mailing list archives
RE: Snort and MySQL
From: "Patrick S. Harper" <patrick () internetsecurityguru com>
Date: Sun, 29 Aug 2004 16:09:55 -0500
It looks like for some reason he did not give it a password in the conf file. The "using password: NO" is the tip off I believe. As well as the other output, it should look like the following. Notice the "Database: password is set". He does not get that, but the other error at the end about using no password.. What does your output line in your conf file look like? database: compiled support for ( mysql ) database: configured to use mysql database: user = snort database: password is set database: database name = snort database: host = localhost database: sensor name = 208.14.28.12 database: sensor id = 2 database: inconsistent cid information for sid=2 Recovering by rolling forward the cid=35585 Patrick S. Harper | CISSP RHCT MCSE www.internetsecurityguru.com www.ntsug.org - Snort Users Group "If there is no light at the end of the tunnel, get down there and light the damn thing yourself!" -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael Steele Sent: Sunday, August 29, 2004 1:52 PM To: snort-users () lists sourceforge net Subject: RE: [Snort-users] Snort and MySQL Looks like you have no access to the Snort database. Go back and make SURE you can access the database with the credentials that you have in the snort.conf file on the MySQL output database line. Kindest regards, Michael... WINSNORT.com Management Team Member -- Pick up your FREE Windows or UNIX Snort installation guides mailto:support () winsnort com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users- admin () lists sourceforge net] On Behalf Of Robert Spangler Sent: Sunday, August 29, 2004 10:35 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort and MySQL Hello, I seem to be having a problem setting up snort to use MySQL database. When I run 'snort -c /etc/snort/snort.conf' I get the following: =================================================== Running in IDS mode Log directory = /var/log/snort Initializing Network Interface eth0 --== Initializing Snort ==-- Initializing Output Plugins! Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file /etc/snort/snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... database: compiled support for ( MySQL ) database: configured to use MySQL database: user = snort database: database name = snort database: host = localhost database: sensor name = 192.168.1.100 ERROR: database: MySQL_error: Access denied for user: 'snort@localhost' (Using password: NO) Fatal Error, Quitting.. =================================================== snort.conf has the following entry: =================================================== output database: log, MySQL, user=snort, password=******** dbname=snort host=localhost =================================================== MySQL was setup using this line for snort: =================================================== grant INSERT,SELECT on root.* to snort@localhost; SET PASSWORD FOR snort@localhost=PASSOWRD('********'); grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost; grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort; =================================================== This was a step by step guide I had followed to set this up. I'm hoping someone might be able to see what I'm missing. Thnx -- Regards Robert Smile..... It increases your face value. ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and MySQL Robert Spangler (Aug 29)
- Re: Snort and MySQL Miikka Hattberg (Aug 29)
- RE: Snort and MySQL Patrick S. Harper (Aug 29)
- RE: Snort and MySQL Michael Steele (Aug 29)
- RE: Snort and MySQL Patrick S. Harper (Aug 29)
- Re: Snort and MySQL [SOLVED MAYBE] Robert Spangler (Aug 29)
- RE: Snort and MySQL [SOLVED MAYBE] Patrick S. Harper (Aug 30)
- <Possible follow-ups>
- Snort and MySQL FAzle Rokib (Aug 29)
- Re: Snort and MySQL Miikka Hattberg (Aug 29)