Database error Snort
I have installed Snort and have also checked it by applying rules in local.rules. It logs the packet properly. But when I went for the database,
I found the following problem:
I configured the MySQL database by,
mysqladmin -u root password "<mypassword>"
mysql -u root -p
then I created the snort database by,
mysql> create database snort;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE \
on snort.* to snort@localhost;
mysql> SET PASSWORD FOR snort@localhost=PASSWORD('mypassword');
mysql> exit
# cd /usr/local/src/snort-x.x.x/schemas/
# mysql -u root -p < create_mysql snort
then I logged into mysql by,
# mysql -u root -p
Password: <I entered password>
mysql> use snort;
mysql> show tables;
All things were OK till now.
Now to configure snort.conf to store alerts in database
I removed comment from the line
output database: log, mysql, user=snort password=mypass dbname=snort host=localhost
But then, after I ran it by,
sudo snort -c /etc/snort/snort.conf -i eth1 -l /var/log
I got the following error:-
ERROR: database: mysql_error: Access denied for user 'root'@'localhost' (Using password:YES)
Fatal Error, Quitting..
device eth1 left premiscuous mode
audit (1238407935.129:16): dev=eth1 prom=0 old_prom=256 auid=4294967295
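
Added example, not part of the original post: a small Python check that lists the uncommented `output database:` directives in a snort.conf and compares the configured user with the account named in the MySQL "Access denied" message. The function names and the sample config text are constructed for illustration, and the parser assumes the space-separated key=value form shown in the post.

```python
import re

# Constructed sample input modelled on the post: one commented-out directive,
# one active directive, and the error Snort printed at startup.
SAMPLE_CONF = """\
# output database: alert, mysql, user=example password=example dbname=example
output database: log, mysql, user=snort password=mypass dbname=snort host=localhost
"""
SAMPLE_ERROR = ("ERROR: database: mysql_error: Access denied for user "
                "'root'@'localhost' (Using password:YES)")

DIRECTIVE = re.compile(r"^\s*output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")
DENIED = re.compile(r"Access denied for user '([^']*)'@'([^']*)'")


def active_db_outputs(conf_text):
    """Return one dict per uncommented 'output database:' line (hypothetical helper)."""
    found = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # lines starting with '#' never match
        if m:
            params = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
            found.append({"line": lineno, "facility": m.group(1),
                          "dbtype": m.group(2), **params})
    return found


def denied_account(error_text):
    """Extract (user, host) from a MySQL 'Access denied' message, or None."""
    m = DENIED.search(error_text)
    return (m.group(1), m.group(2)) if m else None


def compare(conf_text, error_text):
    """Report where the rejected account differs from what the file configures."""
    outputs, denied = active_db_outputs(conf_text), denied_account(error_text)
    findings = []
    if not outputs:
        findings.append("no active 'output database:' directive in this file")
    if len(outputs) > 1:
        lines = ", ".join(str(o["line"]) for o in outputs)
        findings.append("more than one active database directive: lines " + lines)
    for out in outputs:  # passwords are parsed but never echoed in findings
        if denied and out.get("user") != denied[0]:
            findings.append("line %d sets user=%s but MySQL rejected user %s"
                            % (out["line"], out.get("user"), denied[0]))
    return findings


if __name__ == "__main__":
    for finding in compare(SAMPLE_CONF, SAMPLE_ERROR):
        print(finding)
```

To use it on a real setup, pass `compare()` the text of the file given to `snort -c` and the error line Snort printed.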