|
|
|
|
Snort Forums Archive
Archive Home » Support » Can't log to remote database
Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.
[ Notice: Full Version of This Topic ]
Can't log to remote database
Posted by catfishlee on December 06, 2005 13:33:48
I've got 2 linux machines running Snort-2.4.3.
I get the following on the remote sensor when trying to log to my local db:
"Can't connect to MySql server on '192.81.96.140' (110)"
My "output database" line (snort.conf) is:
"log, mysql, user=snort password=*** dbname=snort host=192.81.96.140 port=3306 sensor_name=RCsensor"
If I use host=localhost it works fine.
MySql is running on the host and there is good connectivity between the two machines.
Thanks for any help.
Jake
|
|
Posted by brevizniak on December 06, 2005 17:13:42
can you manually log in using mysqlclient?
I suspect that the account only has localhost privs granted and you need to issue a grant to the remote system. |
|
Posted by catfishlee on December 08, 2005 09:34:03
Yes I've granted access with the following:
mysql> use snort
database changed
grant INSERT,SELECT on snort.* to snort@192.81.96.158;
grant INSERT,SELECT on snort.* to root@192.81.96.158;
When starting snort on my remote system (192.81.96.158) I still get ;
ERROR: database: mysql_error: Can't connect to MySQL server on '192.81.96.140' (110)
I can ping either direction but cannot connect to the db....
The ports are the standard 3306 and my outport database line in Snort.conf looks like this:
output database: log, mysql, user=snort password=*** dbname=snort host=192.81.96.140 port=3306 sensor_name=RCsensor
any help is greatly appreciated
Jake |
|
Posted by brevizniak on December 08, 2005 10:25:28
from the snort sensor what is the result of this command
mysql -h 192.81.96.140 -u snort -p snort |
|
Posted by catfishlee on December 08, 2005 13:37:32
I shut down both Firewalls and got past the "Can't connect to MySql server" error......... now it's just a permissions problem.
Running Snort on the Snort Sensor (or after running your command above) now gives me :
"ERROR 1045 (28000): Access denied for user 'snort@192.81.96.158' (using password: YES)
I've given Snort the following:
mysql> grant INSERT,SELECT,CREATE,DELETE,UPDATE on snort.* to snort@192.81.96.158;
What am I missing now?
Thanx
Jake |
|
Posted by catfishlee on December 08, 2005 13:50:54
I shut down both Firewalls and got past the "Can't connect to MySql server" error......... now it's just a permissions problem.
Running Snort on the Snort Sensor (or after running your command above) now gives me :
"ERROR 1045 (28000): Access denied for user 'snort@192.81.96.158' (using password: YES)
I've given Snort the following:
mysql> grant INSERT,SELECT,CREATE,DELETE,UPDATE on snort.* to snort@192.81.96.158;
What am I missing now?
Thanx
Jake |
|
Posted by catfishlee on December 08, 2005 13:57:53
I shut down both Firewalls and got past the "Can't connect to MySql server" error......... now it's just a permissions problem.
Running Snort on the Snort Sensor (or after running your command above) now gives me :
"ERROR 1045 (28000): Access denied for user 'snort@192.81.96.158' (using password: YES)
I've given Snort the following:
mysql> grant INSERT,SELECT,CREATE,DELETE,UPDATE on snort.* to snort@192.81.96.158;
What am I missing now?
Thanx
Jake |
|
Posted by brevizniak on December 08, 2005 16:08:00
Did you FLUSH PRIVILEGES ?
This tutorial should be helpful.
http://dev.mysql.com/doc/refman/5.0/en/access-denied.html
|
|
Posted by catfishlee on December 09, 2005 08:25:17
I found the answer.....
Even though the user name and password is the same I had to reset the password for the remote user (using the same one) before it would allow snort to log to the db.
I used:
mysql>SET PASSWORD FOR snort@RCsensor.ourdomain=PASSWORD('password');
After that it's working like a charm.
Thanks "Brevizniak" for the help.
Cya next time,
Jake |
|
|
|
|
|
