I have installed snort and I too have checked it by applying rules in local.rules.........It logs the packet properly...............But when I went for database......


I found the following problem:-

I configured databse mysql by,

mysqladmin -u root password "<mypassword>"

mysql -u root -p

than I created snort database by,

mysql> create database snort;

mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE \
on snort.* to snort@localhost;

mysql> SET PASSWORD FOR snort@localhost=PASSWORD('mypassword');

mysql> exit


# cd /usr/local/src/snort-x.x.x/schemas/

# mysql -u root -p < create_mysql snort

than I logged into mysql by,

# mysql -u root -p
Password: <I entered password>
mysql> use snort;
mysql> show tables;


All things were OK till now...........




Now to configure snort.conf to store alerts in database

I removed comment from the line
output database: log, mysql, user=snort password=mypass dbname=snort host=localhost

But when than after I ran it by,


sudo snort -c /etc/snort/snort.conf -i eth1 -l /var/log




I got the following error:-

ERROR: database: mysql_error: Access denied for user 'root'@'localhost' (Using password:YES)
Fatal Error, Quitting..
device eth1 left premiscuous mode
audit (1238407935.129:16): dev=eth1 prom=0 old_prom=256 auid=4294967295

Ya I got tthe things bit solved by applying root name localhost name and password but still things persist here as:-

ERROR: database: mysql_error:can't connect to mysql server on '<local host>' (111) fatal error