
openBSD 4.2


Posted by mfaridi on January 29, 2008 05:28:10

I use this blog to install Snort on OpenBSD 4.2

http://parvinderbhasin.blogspot.com/2007/12/openbsd-42-ids-solution-snort-and-base.html

but after I run this command

/usr/local/bin/snort -c /etc/snort/snort.conf

I see this error

database: sensor name = 192.168.0.90
database: sensor id = 1
database: schema version = 107
database: using the "log" facility
database: compiled support for ( mysql )
database: configured to use mysql
database: user = root
database: host = localhost
database: must enter database name in configuration file


USAGE: database plugin

output database: [log | alert], [type of database], [parameter list]

[log | alert] selects whether the plugin will use the alert or
log facility.

For the first argument, you must supply the type of database.
The possible values are mysql, postgresql, odbc, oracle and
mssql
The parameter list consists of key value pairs. The proper
format is a list of key=value pairs each separated a space.

The only parameter that is absolutely necessary is "dbname".
All other parameters are optional but may be necessary
depending on how you have configured your RDBMS.

dbname - the name of the database you are connecting to

host - the host the RDBMS is on

port - the port number the RDBMS is listening on

user - connect to the database as this user

password - the password for given user

sensor_name - specify your own name for this snort sensor. If you
do not specify a name one will be generated automatically

encoding - specify a data encoding type (hex, base64, or ascii)

detail - specify a detail level (full or fast)

ignore_bpf - specify if you want to ignore the BPF part for a sensor
definition (yes or no, no is default)

FOR EXAMPLE:
The configuration I am currently using is MySQL with the database
name of "snort". The user "snortusr@localhost" has INSERT and SELECT
privileges on the "snort" database and does not require a password.
The following line enables snort to log to this database.

output database: log, mysql, dbname=snort user=snortusr host=localhost

ERROR: Fatal Error, Quitting..



What is the problem?

Posted by jayzel on February 05, 2008 09:37:37

Make sure you completely understand the chroot concepts, and that if you have chrooted your snort installation, and your mysql installation, that the chrooted paths are being referenced correctly.


Posted by snort_sport on February 19, 2008 20:28:24

Try this; if it still doesn't work, give it a password.
output database: log, mysql, user=snortuser password= dbname=snort host=localhost

Also make sure there aren't any other output database lines in the conf.
Check the mysql permissions with mysql -u snortusr -D snort -e "select count(*) from event"
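
The checks discussed in this thread (the required dbname parameter from the error output, a single output database line, and the account used to connect) can be run against a snort.conf before starting Snort. The following is an added example, not part of the original thread or of Snort itself; the function names and the sample configuration lines are constructed for illustration, and the parsing follows only the format printed in the usage text above.

```python
import re

DB_TYPES = {"mysql", "postgresql", "odbc", "oracle", "mssql"}  # from the usage text
LINE_RE = re.compile(r"^\s*output\s+database\s*:\s*(.*)$")  # skips '#' comment lines

def parse_output_database(conf_text):
    """Return one dict per active 'output database:' line."""
    entries = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        m = LINE_RE.match(raw)
        if not m:
            continue
        # facility, database type, then space-separated key=value pairs
        parts = [p.strip() for p in m.group(1).split(",", 2)]
        facility, dbtype, plist = parts + [""] * (3 - len(parts))
        params = dict(tok.partition("=")[::2] for tok in plist.split())
        entries.append({"line": lineno, "facility": facility,
                        "type": dbtype, "params": params})
    return entries

def check(conf_text):
    """List problems that would stop or weaken database logging."""
    entries = parse_output_database(conf_text)
    findings = []
    if len(entries) > 1:
        findings.append("lines %s: more than one output database line"
                        % [e["line"] for e in entries])
    for e in entries:
        p, where = e["params"], "line %d: " % e["line"]
        if e["facility"] not in ("log", "alert"):
            findings.append(where + "facility must be log or alert")
        if e["type"] not in DB_TYPES:
            findings.append(where + "unknown database type %r" % e["type"])
        if not p.get("dbname"):
            findings.append(where + "dbname missing (required parameter)")
        if p.get("user") == "root":
            findings.append(where + "connects as root, not a limited account")
        findings += [where + "empty value for " + k
                     for k, v in p.items() if not v and k != "dbname"]
    return findings

# Constructed sample configs, not taken from the poster's system
SAMPLE = "\n".join([
    "# output database: alert, mysql, dbname=old user=x",
    "output database: log, mysql, user=root host=localhost",
    "output database: log, mysql, user=snortuser password= dbname=snort host=localhost",
])
GOOD = "output database: log, mysql, dbname=snort user=snortusr host=localhost"

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)) or "ok")
```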