Solved

Snort - sending messages to MySQL on another Snort machine

Posted on 2006-10-27
Last Modified: 2010-04-11
I have W2K running Snort 2.4.5 and RHEL4 running Snort 2.6.0.2, both in IDS mode. The Windows system is logging to syslog and the RHEL system is logging to a MySQL database. Both are working fine... I am running BASE on the RHEL system.

I can't figure out how to have the alerts on the Windows system go to the MySQL database on the Linux system. I configured an output database command and the Windows system is getting alerts (they show on the DOS console), but when I trace the connection between the two systems, no data ever leaves the Windows system.

I am new to Snort and relatively new to RHEL... there must be a way to send data/alerts from multiple sensors. Any ideas?
Question by:SteveJ
6 Comments
 
LVL 9

Accepted Solution

by:
crawfordits earned 400 total points
ID: 17824508
Set the MySQL output logging in the snort.conf to get some debugging action, then paste back the output. It's possible it will output something like "Host 'x.x.x.x' is not allowed to connect to this MySQL server"; then it is obvious what to do.
 
LVL 9

Expert Comment

by:crawfordits
ID: 17824509
Don't forget snort -T.
 
LVL 16

Author Comment

by:SteveJ
ID: 17824656
Turns out that I didn't have a sensor_name variable on the sensor OR the main machine. When I added the sensor_name to the main machine it was visible in BASE and all's working fine now.

Thanks for responding crawfordits... the other problem is that I have Red Hat Advanced Server 4 and it's got old PHP (4.0.x) and old MySQL (3.x) and I can't get PEAR to work... I'm a novice at Red Hat and I can't figure out how to upgrade all the stuff that it complains about when I try to upgrade the RPM and glibc and on and on...
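The fix the author landed on (a sensor_name on the output database directive) and the error crawfordits anticipated (a MySQL host grant problem) are two different failure points, and only the first is visible in snort.conf itself. As an added example that is not from this thread or from the Snort project, the script below parses Snort 2.x "output database:" directives and flags a sensor that points at a remote database host without a sensor_name, which is what happened here. The config fragment, host addresses and password values are constructed placeholders, not the author's configuration.

```python
"""Lint Snort 2.x 'output database:' directives for remote-sensor mistakes.

Added example, not code from the thread or from Snort. It parses the
Snort 2.x database output plugin syntax:

    output database: <alert|log>, <db type>, key=value key=value ...

and reports a sensor that logs to a remote MySQL host but omits
sensor_name (the directive stays valid, but the events are hard to tell
apart in BASE). Hosts and credentials below are constructed placeholders.
"""
import re
from typing import Dict, List

# Constructed snort.conf fragment: three directives, one of them wrong.
SAMPLE_SNORT_CONF = """\
# Sensor and database on the same box: sensor_name is optional here.
output database: log, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost
# Remote sensor writing to the central database, sensor_name missing.
output database: alert, mysql, user=snort password=PLACEHOLDER dbname=snort host=192.0.2.10
# Remote sensor configured with a sensor_name.
output database: alert, mysql, user=snort password=PLACEHOLDER dbname=snort host=192.0.2.10 sensor_name=win2k-sensor
"""

# facility (alert|log), database type, then the key=value parameter list
DIRECTIVE = re.compile(r"^\s*output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*,\s*(.*)$")

LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def parse_output_database_lines(conf_text: str) -> List[Dict]:
    """Return one dict per 'output database:' directive found in conf_text."""
    entries = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments, blank lines and other directives
        facility, db_type, rest = m.groups()
        # Parameters are whitespace separated key=value pairs; split on the
        # first '=' only so a value containing '=' survives intact.
        params = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        entries.append({"line": lineno, "facility": facility,
                        "db_type": db_type, "params": params})
    return entries


def check_remote_sensor(entry: Dict) -> List[str]:
    """Problems a multi-sensor deployment would want fixed for one directive."""
    problems = []
    params = entry["params"]
    host = params.get("host", "localhost")  # plugin default is the local socket
    if host not in LOCAL_HOSTS and "sensor_name" not in params:
        problems.append("remote database host but no sensor_name")
    for required in ("user", "dbname"):
        if required not in params:
            problems.append(f"missing {required}")
    return problems


def lint(conf_text: str) -> Dict[int, List[str]]:
    """Map conf line number -> list of problems, for directives with problems."""
    report = {}
    for entry in parse_output_database_lines(conf_text):
        problems = check_remote_sensor(entry)
        if problems:
            report[entry["line"]] = problems
    return report


if __name__ == "__main__":
    for line, problems in lint(SAMPLE_SNORT_CONF).items():
        print(f"line {line}: {'; '.join(problems)}")
```

The "Host ... is not allowed to connect" message crawfordits mentions comes from the MySQL server, not from snort.conf, so a config check cannot catch it; it still needs the debugging output from Snort (snort -T plus the database plugin's messages) against the real server.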
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 400 total points
ID: 17828333
Try using yum, apt-get or up2date:
as root
yum update php
or yum update mysql
or... yum update (then add the packages you want to update to the command: "yum update package1 package2 package3...")

I think up2date is installed by default, yum might not be available
-rich
