Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Snort-users] MYSQL error even though I used --with-mysql

from [William Fitzgerald] Network Security [Permanent Link]
Subject: RE: [Snort-users] MYSQL error even though I used --with-mysql
Date: Fri, 28 Jan 2005 09:10:21 -0000 
Heinrich et al,

I will look into this.

I persumed all snort.conf was doing was passing arguments to the mysql
command line as if I was typing:
mysql -h localhost - u snu -p snort directly to the console.

of course if I type this command into the console I do in fact get access.
so as you say I may need to configure mysql directly to allow arguments from
snort. I followed the book by Rehman "intrusion detection systems with
snort" in chapter 4 that describes mysql integration. but as I said before
maybe its best not to take the instructions as gospel ;-)

anyhow, I will keep you posted.
and Heinrich, thanks for taking the time to help me.
regards,
Will.


-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net]On Behalf Of Heinrich
Lieker
Sent: 28 January 2005 09:00
To: wfitzgerald@tssg.org
Cc: snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] MYSQL error even though I used --with-mysql


Hi!

When do you get the ERROR?
I think you have to configure the user/host-access list for your
MySQL-server. Maybe you should read the MySQL-manual for further hints.
I'm using PostgreSQL, so I can't tell you, where you have to change
entries.

regards,
Heinrich

Am Fr, den 28.01.2005 schrieb William Fitzgerald um 9:38:

Heinrich,

I seem to be getting better results now with the command
./configure --prefix=/opt/snort --with-mysql  --enable-wireless

what I done after I ran this was a "make clean" and when I ran a "make" it
took at lot longer.
I guess it shows that you should never follow the instructions
(configure,make make install) with a 100% certainty ;-)

I am getting much better results but I am still not all the way there!!

database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snu
database: password is set
database: database name = snort
database:          host = 127.0.0.1
database:   sensor name = unknown:ath0
ERROR: database: mysql_error: #HY000Host 'localhost.localdomain' is not
allowed to connect to this MySQL server
Fatal Error, Quitting..

any idea's?

regards,
Will.


-----Original Message-----
From: Heinrich Lieker [mailto:hlieker@dohle.com]
Sent: 28 January 2005 07:02
To: wfitzgerald@tssg.org
Subject: Re: [Snort-users] MYSQL error even though I used --with-mysql


Hello!

Did you try to write this:

./configure --prefix=/opt/snort --with-mysql=/usr/local/mysql
--enable-wireless

You have to tell the configure-script, where your mysql installation is.

regards,
Heinrich

Am Do, den 27.01.2005 schrieb William Fitzgerald um 17:11:

Hi all,

I am getting error
database: compiled support for ( )
database: configured to use mysql
database: 'mysql' support is not compiled into this build of snort

BUT I configured the snort version 2.1.1 as follows:
./configure --prefix=/opt/snort --with-mysql  --enable-wireless
make
make install

I then start mysql which i have aready installed the snort database

tables.


I then run snort as follows:
/opt/snort/bin/snort -c /opt/snort/etc/snort.conf -i ath0
and I get the above error.

in a book called "intrusion detection systems with snort" by Rafeeq Ur
Rehman it is stated inorder to support mysql you need to configure as
follows:
./configure --prefix=/opt/snort --with-mysql=/usr/include/mysql (chaper

4

page 151)
his book uses --with-mysql=/usr/lib/mysql but on this debian release the
files are in include directory.

however when I pass this command in the config log shows:
checking for mysql... No
but if i just use the
/configure --prefix=/opt/snort --with-mysql  --enable-wireless command
(chapter 2 page 34)
then support is built in.
checking for mysql... Yes

has anyone out there got any ideas?

additional info: i installed mysql in /usr/local/mysql
i ran apt-get install libmysqlclient12-dev from within the /usr/lib
directory
and the mysql.h file is stored in /usr/include/mysql
mysql version is: mysql-standard-4.1.9-pc-linux-gnu-i686

regards,
Will.


William M. Fitzgerald (MSc,BSc),
Applied Researcher,
Telecommunications Software & Systems Group,
Waterford Institute of Technology,
Cork Rd.
Waterford.
Office Ph: +353 51 302937
Mobile Ph: +353 87 9527083




-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Snort-users] MYSQL error even though I used --with-mysql, Heinrich Lieker
Next by Date:  Re: [Snort-users] Restarting Snort-inline?, Will Metcalf
Previous by Thread:  RE: [Snort-users] MYSQL error even though I used --with-mysql, Heinrich Lieker
Next by Thread:  RE: [Snort-users] Unable to Generate Graphs from ACID, Naveen.Pareek
Indexes:  [Date] [Thread] [Top] [All Lists]