
| Subject: | [Snort-users] RE: [PMX:#] IIS_unicode error when running snort Snort-users digest, Vol 1 #4499 - 3 msgs |
|---|---|
| Date: | Mon, 30 Aug 2004 22:49:43 +0800 |

My installation of snort is fine. When I attempt to run

snort -c /etc/snort/snort.conf -l /var/snort/log

I get an IIS_UNICODE error. Can anyone point me to where this has to be directed to in the snort.conf file?? It's driving me batty!! Running on Linux RH9.

Help!!

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of snort-users-request@lists.sourceforge.net
Sent: Monday, 30 August 2004 9:18 AM
To: snort-users@lists.sourceforge.net
Subject: [PMX:#] Snort-users digest, Vol 1 #4499 - 3 msgs

Send Snort-users mailing list submissions to
snort-users@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
snort-users-request@lists.sourceforge.net

You can reach the person managing the list at
snort-users-admin@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..."

Today's Topics:

1. Re: Snort and MySQL [SOLVED MAYBE] (Robert Spangler)
2. Re: glibc dependency errors installing snort (James Riden)
3. Snort and MySQL (FAzle Rokib)

--__--__--

Message: 1
From: Robert Spangler <bms@zoominternet.net>
To: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Snort and MySQL [SOLVED MAYBE]
Date: Sun, 29 Aug 2004 20:02:29 -0400

On Sun August 29 2004 13:35, Robert Spangler wrote:
> I seem to be having a problem setting up snort to use MySQL database.

I had an error in my snort.conf file

> snort.conf has the following entry:
> ===================================================
> output database: log, MySQL, user=snort, password=********
> dbname=snort
> host=localhost
> ===================================================

The above was placed in the wrong area of the config. When this was corrected snort seemed to run without any problems.

NOW I don't think things are running correctly. I run a scan against my machine using CIS and it does its reporting but I never see anything in ACID or OpenAanval.

I used the following quick setup guide written by Patrick Harper at http://www.internetsecurityguru.com/

--
Regards
Robert

Smile..... It increases your face value.

--__--__--

Message: 2
To: "Andy" <andy@page55.com>
Cc: <snort-users@lists.sourceforge.net>
Subject: Re: [Snort-users] glibc dependency errors installing snort
From: James Riden <j.riden@massey.ac.nz>
Date: Mon, 30 Aug 2004 12:18:48 +1200

"Andy" <andy@page55.com> writes:
> Hi, I'm having problems installing snort, I'm getting glibc dependency errors.
>
> I'm running RedHat 7.3, trying to install snort-2.1.3-1.i386.rpm
>
> I can't find a newer version of glibc other than 2.2.5 and really don't know what I'm doing anyway.
>
> Am I having these problems because I'm running RH 7.3? Does snort 2.1.3-1 run on RH 7.3?
> Should I be installing a different package?
>
> [root@tunes snort]# rpm -ivh snort-2.1.3-1.i386.rpm
> error: failed dependencies:
> libc.so.6(GLIBC_2.3) is needed by snort-2.1.3-1

I'd go to Fedora Core 1 at least if you can. I've done an upgrade from 7.3 to FC1 and it went OK, and snort 2.2.0 is happily working on that machine.

Otherwise, try getting the appropriate rpms from here: http://dag.wieers.com/packages/snort/

cheers,
Jamie
--
James Riden / j.riden@massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/

--__--__--

Message: 3
From: "FAzle Rokib" <rokib@itsits.com>
To: <snort-users@lists.sourceforge.net>
Date: Sun, 29 Aug 2004 21:16:13 -0400
Subject: [Snort-users] Snort and MySQL

Try this:

mysql> Grant All On snort.* to snort@localhost;

or (if you have a password for snort user)

mysql> Grant All On snort.* to snort@localhost Identified By 'password';

[****If you have a password for snort user, you must use Identified By clause]

Message: 1
From: "Michael Steele" <michaels@winsnort.com>
To: <snort-users@lists.sourceforge.net>
Subject: RE: [Snort-users] Snort and MySQL
Date: Sun, 29 Aug 2004 11:52:02 -0700

Looks like you have no access to the Snort database. Go back and make SURE you can access the database with the credentials that you have in the snort.conf file on the MySQL output database line.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Robert Spangler
Sent: Sunday, August 29, 2004 10:35 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Snort and MySQL

Hello,

I seem to be having a problem setting up snort to use MySQL database.

When I run 'snort -c /etc/snort/snort.conf' I get the following:

===================================================
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0

--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
database: compiled support for ( MySQL )
database: configured to use MySQL
database: user = snort
database: database name = snort
database: host = localhost
database: sensor name = 192.168.1.100
ERROR: database: MySQL_error: Access denied for user: 'snort@localhost' (Using password: NO)
Fatal Error, Quitting..
===================================================

snort.conf has the following entry:

===================================================
output database: log, MySQL, user=snort, password=********
dbname=snort
host=localhost
===================================================

MySQL was setup using this line for snort:

===================================================
grant INSERT,SELECT on root.* to snort@localhost;
SET PASSWORD FOR snort@localhost=PASSOWRD('********');
grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
===================================================

This was a step by step guide I had followed to set this up. I'm hoping someone might be able to see what I'm missing. Thnx

--
Regards
Robert

Smile..... It increases your face value.

-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--__--__--

Message: 2
From: "pfeito" <pfeito@netcabo.pt>
To: "'Keith W. McCammon'" <mccammon@gmail.com>, <snort-users@lists.sourceforge.net>, <hackerwacker@cybermesa.com>
Subject: RE: [Snort-users] Slow down TCP connections
Date: Sun, 29 Aug 2004 20:13:54 +0100

I don't really have a final purpose, I'm just digging out what proactive stuff there is out there for Snort.

I don't need it, I just thought of it, as an example of proactive functionality and wanted to find out if there is such thing. I guess it is kind of stupid.... although it could be useful in an snort+honeypot scenario. Don't really put much thought in it.

> Why are you seeking an IDS to do traffic queueing ?

> No. That would be like trying to cut a steak with a spoon :P !

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Keith W. McCammon
Sent: domingo, 29 de Agosto de 2004 18:14
To: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Slow down TCP connections

> Right now, I've just compiled and installed snort 2.2.0 with flexresp2 support. I'm about to test flexresp2 capabilities, but it seems to have no support for slowing down TCP connections (i.e. for slowing down TCP Scans for instance...)

Why would Snort want to "slow down" a TCP scan? Snort will catch it, and under certain circumstances, flexresp2 can reset those connections. That's pretty much the extent of Snort's involvement.

> Do you know any plug-in that allows Snort to slow down TCP connections speed (i.e. resize TCP window size) ?

No. What would you accomplish by doing this? Either block the traffic or don't. Slowing it down won't really get you anywhere (it'll just take the attacker longer to do the same thing).

--__--__--

Message: 3
From: "Jim Hendrick" <jrhendri@maine.rr.com>
To: "'pfeito'" <pfeito@netcabo.pt>, <snort-users@lists.sourceforge.net>
Subject: RE: [Snort-users] Slow down TCP connections
Date: Sun, 29 Aug 2004 16:22:28 -0400

If you are looking to slow down scans, try a tarpit (e.g. labrea)

flexrsp is really designed to reset TCP connections to halt an attack.

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of pfeito
Sent: Sunday, August 29, 2004 12:57 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Slow down TCP connections

Hi Guys,

I'm searching for pro-active plug-ins for Snort.

Right now, I've just compiled and installed snort 2.2.0 with flexresp2 support. I'm about to test flexresp2 capabilities, but it seems to have no support for slowing down TCP connections (i.e. for slowing down TCP Scans for instance...)

Do you know any plug-in that allows Snort to slow down TCP connections speed (i.e. resize TCP window size) ?

Thanks,
-pfeito

--__--__--

Message: 4
From: "pfeito" <pfeito@netcabo.pt>
To: "'Jim Hendrick'" <jrhendri@maine.rr.com>, <snort-users@lists.sourceforge.net>
Subject: RE: [Snort-users] Slow down TCP connections
Date: Sun, 29 Aug 2004 21:36:32 +0100

That's a cool thing to play around. But right now I'm only studying plugins or modules for Snort. The slow down functionality was only one example I thought, but it seems not to make sense in a IDS. I'm concentrating right now in developing one or two demos with flexresp.

Thanks,
-pfeito

--__--__--

Message: 5
From: "Patrick S. Harper" <patrick@internetsecurityguru.com>
To: "'Miikka Hattberg'" <miikka@miikkah.org>, <snort-users@lists.sourceforge.net>
Subject: RE: [Snort-users] Snort and MySQL
Date: Sun, 29 Aug 2004 16:03:54 -0500

Not if you have your conf file set up right. The output database line has that info.

Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com
www.ntsug.org - Snort Users Group
"If there is no light at the end of the tunnel, get down there and light the damn thing yourself!"

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Miikka Hattberg
Sent: Sunday, August 29, 2004 1:49 PM
To: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Snort and MySQL

I might be totally off, but shouldn't you specify the MySQL username in the command when you start snort.

like ' snort -u snort -c /etc/snort/snort.conf '

m.

Robert Spangler wrote:

--__--__--

Message: 6
From: "Patrick S. Harper" <patrick@internetsecurityguru.com>
To: "'Michael Steele'" <michaels@winsnort.com>, <snort-users@lists.sourceforge.net>, "'Robert Spangler'" <bms@zoominternet.net>
Subject: RE: [Snort-users] Snort and MySQL
Date: Sun, 29 Aug 2004 16:09:55 -0500

It looks like for some reason he did not give it a password in the conf file. The "using password: NO" is the tip off I believe. As well as the other output, it should look like the following. Notice the "Database: password is set". He does not get that, but the other error at the end about using no password..

What does your output line in your conf file look like?

database: compiled support for ( mysql )
database: configured to use mysql
database: user = snort
database: password is set
database: database name = snort
database: host = localhost
database: sensor name = 208.14.28.12
database: sensor id = 2
database: inconsistent cid information for sid=2
Recovering by rolling forward the cid=35585

Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com
www.ntsug.org - Snort Users Group
"If there is no light at the end of the tunnel, get down there and light the damn thing yourself!"

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Michael Steele
Sent: Sunday, August 29, 2004 1:52 PM
To: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Snort and MySQL

Looks like you have no access to the Snort database. Go back and make SURE you can access the database with the credentials that you have in the snort.conf file on the MySQL output database line.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

--__--__--

Message: 7
From: Juan Fernandez <Juan.Fernandez@deltathree.com>
To: "'snort-users@lists.sourceforge.net'" <snort-users@lists.sourceforge.net>
Date: Mon, 30 Aug 2004 02:02:19 +0300
Subject: [Snort-users] : setup postfix please help !!!!!!!!!!1

Hi guys,

Can someone please send to me his/her main.cf file so I can take it as an example to config my postfix on my snort sensors?

I can't configure it alone I messed up my main.cf file..

Please help...

All I need to configure is that the sensors will pass the mails to my internal exchange server to my mailbox...

Please help !!!

Thanks !!!
need to=20
configure is that the sensors will pass the mails to my internal =
exchange=20
server to my mailbox...<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal dir=3Dltr=20
style=3D"DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><FONT
=
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal dir=3Dltr=20
style=3D"DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><FONT
=
face=3DArial=20
size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Please =
help=20
!!!<o:p></o:p></SPAN></FONT></P>
<P class=3DMsoNormal dir=3Dltr=20
style=3D"DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><FONT
=
face=3DArial=20
size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=3DMsoNormal dir=3Dltr=20
style=3D"DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><FONT
=
face=3DArial=20
size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks=20
!!!<o:p></o:p></SPAN></FONT></P></DIV></BLOCKQUOTE></BODY></HTML>
------_=3D_NextPart_001_01C48E1C.3533D7EB--
-- __--__--
Message: 8
From: "Andy" <andy@page55.com>
To: <snort-users@lists.sourceforge.net>
Date: Sun, 29 Aug 2004 18:22:48 -0500
Subject: [Snort-users] glibc dependency errors installing snort
Hi,
I'm having problems installing snort, I'm getting glibc dependency errors.
I'm running RedHat 7.3, trying to install snort-2.1.3-1.i386.rpm
I can't find a newer version of glibc other than 2.2.5 and really don't know
what I'm doing anyway.
Am I having these problems because I'm running RH 7.3? Does snort 2.1.3-1
run on RH 7.3?
Should I be installing a different package?
[root@tunes snort]# rpm -ivh snort-2.1.3-1.i386.rpm
error: failed dependencies:
libc.so.6(GLIBC_2.3) is needed by snort-2.1.3-1
totally new to this, hope you can help.
Thanks,
Andy
-- __--__--
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users
End of Snort-users Digest
Try this:

mysql> Grant All On snort.* to snort@localhost;

or (if you have a password for snort user)

mysql> Grant All On snort.* to snort@localhost Identified By 'password';

[****If you have a password for snort user, you must use Identified By clause]

Message: 1
From: "Michael Steele" <michaels@winsnort.com>
To: <snort-users@lists.sourceforge.net>
Subject: RE: [Snort-users] Snort and MySQL
Date: Sun, 29 Aug 2004 11:52:02 -0700

Looks like you have no access to the Snort database. Go back and make SURE
you can access the database with the credentials that you have in the
snort.conf file on the MySQL output database line.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Robert Spangler
> Sent: Sunday, August 29, 2004 10:35 AM
> To: snort-users@lists.sourceforge.net
> Subject: [Snort-users] Snort and MySQL
>
> Hello,
>
> I seem to be having a problem setting up snort to use MySQL database.
>
> When I run 'snort -c /etc/snort/snort.conf' I get the following:
>
> ===================================================
> Running in IDS mode
> Log directory = /var/log/snort
>
> Initializing Network Interface eth0
>
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file /etc/snort/snort.conf
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> database: compiled support for ( MySQL )
> database: configured to use MySQL
> database: user = snort
> database: database name = snort
> database: host = localhost
> database: sensor name = 192.168.1.100
> ERROR: database: MySQL_error: Access denied for user: 'snort@localhost'
> (Using
> password: NO)
> Fatal Error, Quitting..
> ===================================================
>
>
> snort.conf has the following entry:
>
> ===================================================
> output database: log, MySQL, user=snort, password=******** dbname=snort
> host=localhost
> ===================================================
>
>
> MySQL was setup using this line for snort:
>
> ===================================================
> grant INSERT,SELECT on root.* to snort@localhost;
> SET PASSWORD FOR snort@localhost=PASSOWRD('********');
> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
> ===================================================
>
> This was a step by step guide I had followed to set this up. I'm hoping
> someone might be able to see what I'm missing. Thnx
>
> --
>
> Regards
> Robert
>
> Smile..... It increases your face value.
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- __--__--

Message: 2
From: "pfeito" <pfeito@netcabo.pt>
To: "'Keith W. McCammon'" <mccammon@gmail.com>,
<snort-users@lists.sourceforge.net>,
<hackerwacker@cybermesa.com>
Subject: RE: [Snort-users] Slow down TCP connections
Date: Sun, 29 Aug 2004 20:13:54 +0100

I don't really have a final purpose, I'm just digging out what proactive
stuff there is out there for Snort.
I don't need it, I just thought of it, as an example of proactive
functionality and wanted to find out if there is such thing. I guess it is
kind of stupid.... although it could be useful in a snort+honeypot
scenario. Don't really put much thought in it.

> Why are you seeking an IDS to do traffic queueing ?
No. That would be like trying to cut a steak with a spoon :P !

> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Keith W. McCammon
> Sent: Sunday, 29 August 2004 18:14
> To: snort-users@lists.sourceforge.net
> Subject: Re: [Snort-users] Slow down TCP connections
>
> > Right now, I've just compiled and installed snort 2.2.0 with flexresp2
> > support. I'm about to test flexresp2 capabilities, but it seems to have no
> > support for slowing down TCP connections (i.e. for slowing down TCP Scans
> > for instance...)
>
> Why would Snort want to "slow down" a TCP scan? Snort will catch it,
> and under certain circumstances, flexresp2 can reset those
> connections. That's pretty much the extent of Snort's involvement.
>
> > Do you know any plug-in that allows Snort to slow down TCP connections speed
> > (i.e. resize TCP window size) ?
>
> No. What would you accomplish by doing this? Either block the
> traffic or don't. Slowing it down won't really get you anywhere
> (it'll just take the attacker longer to do the same thing).

-- __--__--

Message: 3
From: "Jim Hendrick" <jrhendri@maine.rr.com>
To: "'pfeito'" <pfeito@netcabo.pt>, <snort-users@lists.sourceforge.net>
Subject: RE: [Snort-users] Slow down TCP connections
Date: Sun, 29 Aug 2004 16:22:28 -0400

If you are looking to slow down scans, try a tarpit (e.g. labrea)
flexresp is really designed to reset TCP connections to halt an attack.

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of pfeito
Sent: Sunday, August 29, 2004 12:57 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Slow down TCP connections


Hi Guys,

I'm searching for pro-active plug-ins for Snort.

Right now, I've just compiled and installed snort 2.2.0 with flexresp2
support. I'm about to test flexresp2 capabilities, but it seems to have no
support for slowing down TCP connections (i.e. for slowing down TCP Scans
for instance...)

Do you know any plug-in that allows Snort to slow down TCP connections speed
(i.e. resize TCP window size) ?

Thanks,
-pfeito

-- __--__--

Message: 4
From: "pfeito" <pfeito@netcabo.pt>
To: "'Jim Hendrick'" <jrhendri@maine.rr.com>,
<snort-users@lists.sourceforge.net>
Subject: RE: [Snort-users] Slow down TCP connections
Date: Sun, 29 Aug 2004 21:36:32 +0100

That's a cool thing to play around with. But right now I'm only studying plugins
or modules for Snort. The slow down functionality was only one example I
thought of, but it seems not to make sense in an IDS. I'm concentrating right
now on developing one or two demos with flexresp.
Thanks,
-pfeito


> -----Original Message-----
> From: Jim Hendrick [mailto:jrhendri@maine.rr.com]
> Sent: Sunday, 29 August 2004 21:22
> To: 'pfeito'; snort-users@lists.sourceforge.net
> Subject: RE: [Snort-users] Slow down TCP connections
>
> If you are looking to slow down scans, try a tarpit (e.g. labrea)
> flexresp is really designed to reset TCP connections to halt an attack.
>
> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net
> [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of pfeito
> Sent: Sunday, August 29, 2004 12:57 PM
> To: snort-users@lists.sourceforge.net
> Subject: [Snort-users] Slow down TCP connections
>
>
> Hi Guys,
>
> I'm searching for pro-active plug-ins for Snort.
>
> Right now, I've just compiled and installed snort 2.2.0 with flexresp2
> support. I'm about to test flexresp2 capabilities, but it seems to have no
> support for slowing down TCP connections (i.e. for slowing down TCP Scans
> for instance...)
>
> Do you know any plug-in that allows Snort to slow down TCP connections speed
> (i.e. resize TCP window size) ?
>
> Thanks,
> -pfeito

-- __--__--

Message: 5
From: "Patrick S. Harper" <patrick@internetsecurityguru.com>
To: "'Miikka Hattberg'" <miikka@miikkah.org>,
<snort-users@lists.sourceforge.net>
Subject: RE: [Snort-users] Snort and MySQL
Date: Sun, 29 Aug 2004 16:03:54 -0500

Not if you have your conf file set up right. The output database line has
that info.



Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Miikka
Hattberg
Sent: Sunday, August 29, 2004 1:49 PM
To: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Snort and MySQL


I might be totally off, but shouldn't you specify the MySQL username in the
command when you start snort.
like ' snort -u snort -c /etc/snort/snort.conf '

m.

Robert Spangler wrote:

>Hello,
>
>I seem to be having a problem setting up snort to use MySQL database.
>
>When I run 'snort -c /etc/snort/snort.conf' I get the following:
>
>===================================================
>Running in IDS mode
>Log directory = /var/log/snort
>
>Initializing Network Interface eth0
>
> --== Initializing Snort ==--
>Initializing Output Plugins!
>Decoding Ethernet on interface eth0
>Initializing Preprocessors!
>Initializing Plug-ins!
>Parsing Rules file /etc/snort/snort.conf
>
>+++++++++++++++++++++++++++++++++++++++++++++++++++
>Initializing rule chains...
>database: compiled support for ( MySQL )
>database: configured to use MySQL
>database: user = snort
>database: database name = snort
>database: host = localhost
>database: sensor name = 192.168.1.100
>ERROR: database: MySQL_error: Access denied for user: 'snort@localhost'
>(Using
>password: NO)
>Fatal Error, Quitting..
>===================================================
>
>
>snort.conf has the following entry:
>
>===================================================
>output database: log, MySQL, user=snort, password=******** dbname=snort
>host=localhost
>===================================================
>
>
>MySQL was setup using this line for snort:
>
>===================================================
>grant INSERT,SELECT on root.* to snort@localhost;
>SET PASSWORD FOR snort@localhost=PASSOWRD('********');
>grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
>grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
>===================================================
>
>This was a step by step guide I had followed to set this up. I'm
>hoping someone might be able to see what I'm missing. Thnx
>

-- __--__--

Message: 6
From: "Patrick S. Harper" <patrick@internetsecurityguru.com>
To: "'Michael Steele'" <michaels@winsnort.com>,
<snort-users@lists.sourceforge.net>,
"'Robert Spangler'" <bms@zoominternet.net>
Subject: RE: [Snort-users] Snort and MySQL
Date: Sun, 29 Aug 2004 16:09:55 -0500


It looks like for some reason he did not give it a password in the conf
file. The "using password: NO" is the tip off I believe. As well as the
other output, it should look like the following. Notice the "Database:
password is set". He does not get that, but the other error at the end
about using no password..

What does your output line in your conf file look like?


database: compiled support for ( mysql )
database: configured to use mysql
database: user = snort
database: password is set
database: database name = snort
database: host = localhost
database: sensor name = 208.14.28.12
database: sensor id = 2
database: inconsistent cid information for sid=2
Recovering by rolling forward the cid=35585



Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Michael Steele
Sent: Sunday, August 29, 2004 1:52 PM
To: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Snort and MySQL

Looks like you have no access to the Snort database. Go back and make SURE
you can access the database with the credentials that you have in the
snort.conf file on the MySQL output database line.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Robert Spangler
> Sent: Sunday, August 29, 2004 10:35 AM
> To: snort-users@lists.sourceforge.net
> Subject: [Snort-users] Snort and MySQL
>
> Hello,
>
> I seem to be having a problem setting up snort to use MySQL database.
>
> When I run 'snort -c /etc/snort/snort.conf' I get the following:
>
> ===================================================
> Running in IDS mode
> Log directory = /var/log/snort
>
> Initializing Network Interface eth0
>
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file /etc/snort/snort.conf
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> database: compiled support for ( MySQL )
> database: configured to use MySQL
> database: user = snort
> database: database name = snort
> database: host = localhost
> database: sensor name = 192.168.1.100
> ERROR: database: MySQL_error: Access denied for user: 'snort@localhost'
> (Using
> password: NO)
> Fatal Error, Quitting..
> ===================================================
>
>
> snort.conf has the following entry:
>
> ===================================================
> output database: log, MySQL, user=snort, password=********
> dbname=snort host=localhost
> ===================================================
>
>
> MySQL was setup using this line for snort:
>
> ===================================================
> grant INSERT,SELECT on root.* to snort@localhost;
> SET PASSWORD FOR snort@localhost=PASSOWRD('********');
> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
> ===================================================
>
> This was a step by step guide I had followed to set this up. I'm
> hoping someone might be able to see what I'm missing. Thnx
>
> --
>
> Regards
> Robert
>
> Smile..... It increases your face value.

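The replies above point at the credentials on the `output database` line of snort.conf. As an added example (not code from the thread or from Snort), this Python code reads the startup output and the snort.conf entry quoted in the message and reports whether the configured password actually reached MySQL; the sample strings are re-typed from the post with its wrapped lines re-joined, and the function names and the comma/whitespace splitting of the parameter list are assumptions of this example.

```python
import re

# Startup output re-typed from the quoted message (wrapped error line re-joined).
SNORT_OUTPUT = """\
database: compiled support for ( MySQL )
database: configured to use MySQL
database:          user = snort
database: database name = snort
database:          host = localhost
database:   sensor name = 192.168.1.100
ERROR: database: MySQL_error: Access denied for user: 'snort@localhost' (Using password: NO)
Fatal Error, Quitting..
"""
# snort.conf entry as quoted in the post (password masked there), joined onto one line.
CONF_LINE = "output database: log, MySQL, user=snort, password=******** dbname=snort host=localhost"

def parse_startup(output):
    """Return ({setting: value}, error) from Snort's 'database:' startup lines."""
    settings, error = {}, None
    for line in output.splitlines():
        m = re.match(r"database:\s+(.+?)\s+=\s+(\S+)$", line)
        if m:
            settings[m.group(1)] = m.group(2)
        m = re.search(r"Access denied for user: '([^']+)'\s*\(Using\s+password: (YES|NO)\)", line)
        if m:
            error = {"account": m.group(1), "password_sent": m.group(2) == "YES"}
    return settings, error

def parse_conf(line):
    """Split the parameter list into name=value pairs (this example's own splitting
    on commas and whitespace, not Snort's parser)."""
    params = line.split(":", 1)[1]
    return dict(tok.split("=", 1) for tok in re.split(r"[,\s]+", params) if "=" in tok)

def diagnose(output, conf_line):
    """Compare what snort.conf asks for with what MySQL says it received."""
    _, error = parse_startup(output)
    conf = parse_conf(conf_line)
    findings = []
    if error and not error["password_sent"] and conf.get("password"):
        findings.append("snort.conf sets a password but the client sent none")
    if error and error["account"] != f"{conf.get('user')}@{conf.get('host')}":
        findings.append(f"denied account {error['account']} is not the configured one")
    # Command to repeat the login by hand with the same user, host and database.
    manual = f"mysql -u {conf.get('user')} -h {conf.get('host')} -p {conf.get('dbname')}"
    return findings, manual

if __name__ == "__main__":
    print(diagnose(SNORT_OUTPUT, CONF_LINE))
```

MySQL prints "Using password: NO" when the client supplied no password at all, so the first finding means the value on the snort.conf line never reached the connection attempt.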
--__--__--

Message: 7
From: Juan Fernandez <Juan.Fernandez@deltathree.com>
To: "'snort-users@lists.sourceforge.net'"
<snort-users@lists.sourceforge.net>
Date: Mon, 30 Aug 2004 02:02:19 +0300
Subject: [Snort-users] : setup postfix please help !!!!!!!!!!1

Hi guys,

Can someone please send me his/her main.cf file so I can take it as an
example to config my postfix on my snort sensors?

I can't configure it alone; I messed up my main.cf file..

Please help...

All I need to configure is that the sensors will pass the mails to my
internal exchange server to my mailbox...

Please help !!!

Thanks !!!