RE: [Snort-users] remote sensor config
From: AJ Butcher, Information Systems and Computing (Alex.Butcher@bristol.ac.uk)
Date: Thu Apr 08 2004 - 02:45:09 CDT
--On 08 April 2004 10:54 +0800 Che Wan Zaharudin <azhar@essasia.net> wrote:
> Hi,
>
> On your management server, grant permission to database for user
> 'my_username' to the database snort@127.0.0.1. Try this command:
>
> mysql> grant all privileges on snort.* to myusername@127.0.0.1 identified
> by 'my_password';
ITYM:

grant all privileges on snort.* to my_username@sensor.ip.addr.ess
identified by 'my_password';

...since the sensor.ip.addr.ess will be the source address of any database
connections initiated by Snort.
Incidentally, snort doesn't require all privs; INSERT, SELECT, UPDATE
should be sufficient, I think.
> Thanks.
Best Regards,
Alex.
>
> -----Original Message-----
> From: Zondlo, Zack [mailto:ZZondlo@acmail.aclink.org]
> Sent: Thursday, April 08, 2004 5:55 AM
> To: snort-users@lists.sourceforge.net
> Subject: [Snort-users] remote sensor config
>
> hello all,
>
> i am trying to get my remote sensor to report to my management server, so
> far with no luck. the management server is up with acid and snortcenter
> and running fine, with snort running and reporting fine as well. mysql
> client and snortcenter client are on the sensor; snortcenter works fine,
> i can stop and start the sensor from the management box, push rules etc .
> i have tried the following versions of the output line in snort.conf on
> the sensor server:
> output database: alert, mysql, host=127.0.0.1 dbname=snort
> user=my_username password=my_password sensor_name=sensor, encoding ascii
> output database: alert, mysql, host=10.100.1.240 dbname=snort
> user=my_username password=my_password sensor_name=sensor, encoding ascii
> with the second one the sensor and the management server have a
> conversation of 10 packets going to port 3306 on the management server,
> which is correct. when snort starts, then nothing. the first config gets
> me nothing at all. snortcenter talks all the time on port 2525.
> the documentation i've read says to use the first line listed. if this is
> correct, then how do i get the sensor to know where management is?
> basically, i guess, how do i get this to work?
> thanks in advance,
> zack
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
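
The grant discussed in the reply above, written out as an added example that is not part of the original messages: it ties the account to the sensor's source address and uses the three privileges the reply suggests instead of ALL. `sensor.ip.addr.ess`, `my_username` and `my_password` are the thread's own placeholders, and the `GRANT ... IDENTIFIED BY` form matches the MySQL syntax used in the thread.

```sql
-- Added example; run on the management server as a MySQL administrator.
-- Placeholders from the thread: my_username, my_password, sensor.ip.addr.ess.

-- 1. List the host entries that already exist for the account. An entry
--    for 127.0.0.1 only matches connections that originate on the
--    management server itself, so it never matches the remote sensor.
SELECT User, Host
  FROM mysql.user
 WHERE User = 'my_username';

-- 2. Create the entry the remote sensor will actually match: the host
--    part is the address the sensor connects FROM, not the server's own.
--    Privileges are limited to the set suggested in the reply.
GRANT INSERT, SELECT, UPDATE
   ON snort.*
   TO 'my_username'@'sensor.ip.addr.ess'
   IDENTIFIED BY 'my_password';
-- (MySQL 8.0 and later removed IDENTIFIED BY from GRANT; there the
--  account is created with CREATE USER first, then granted.)

-- 3. Confirm what the sensor's account can do. The output should show
--    INSERT, SELECT, UPDATE on `snort`.* and nothing broader.
SHOW GRANTS FOR 'my_username'@'sensor.ip.addr.ess';

-- 4. Confirm the privileges are scoped to the snort database only.
SELECT Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv
  FROM mysql.db
 WHERE User = 'my_username';
```

On the sensor, the `output database` line keeps `host=10.100.1.240` (the management server address from the original post), since `host=` names where Snort connects to, while the grant's host part names where it connects from.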