RE: [Snort-users] Snort and MySQL

It looks like for some reason he did not give it a password in the conf
file.  The "using password: NO" is the tip off I believe.  As well as the
other output, it should look like the following.  Notice the "Database:
password is set".  He does not get that, but the other error at the end
about using no password..  

What does your output line in your conf file look like?


database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = 208.14.28.12
database:     sensor id = 2
database: inconsistent cid information for sid=2
          Recovering by rolling forward the cid=35585



Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"
 
-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Michael Steele
Sent: Sunday, August 29, 2004 1:52 PM
To: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Snort and MySQL

Looks like you have no access to the Snort database. Go back and make SURE
you can access the database with the credentials that you have in the
snort.conf file on the MySQL output database line.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net [mailto:snort-users- 
> admin@lists.sourceforge.net] On Behalf Of Robert Spangler
> Sent: Sunday, August 29, 2004 10:35 AM
> To: snort-users@lists.sourceforge.net
> Subject: [Snort-users] Snort and MySQL
>
> Hello,
>
> I seem to be having a problem setting up snort to use MySQL database.
>
> When I run 'snort -c /etc/snort/snort.conf'  I get the following:
>
> ===================================================
> Running in IDS mode
> Log directory = /var/log/snort
>
> Initializing Network Interface eth0
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file /etc/snort/snort.conf
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> database: compiled support for ( MySQL )
> database: configured to use MySQL
> database:          user = snort
> database: database name = snort
> database:          host = localhost
> database:   sensor name = 192.168.1.100
> ERROR: database: MySQL_error: Access denied for user: 'snort@localhost'
> (Using
> password: NO)
> Fatal Error, Quitting..
> ===================================================
>
>
> snort.conf has the following entry:
>
> ===================================================
> output database: log, MySQL, user=snort, password=******** 
> dbname=snort host=localhost 
> ===================================================
>
>
> MySQL was setup using this line for snort:
>
> ===================================================
> grant INSERT,SELECT on root.* to snort@localhost; SET PASSWORD FOR 
> snort@localhost=PASSOWRD('********');
> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to 
> snort@localhost; grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* 
> to snort; ===================================================
>
> This was a step by step guide I had followed to set this up.  I'm 
> hoping someone might be able to see what I'm missing.  Thnx
>
> --
>
> Regards
> Robert
>
> Smile.....  It increases your face value.
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java 
> Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise
J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users