Snort configuration

bigl asked:

I’m trying to configure Snort on a security probe and I am getting an error: FATAL ERROR: database: mysql_error: Can’t connect on MYSQL server on “x” (111).

I have set up the account with privileges and I think the problem is now with the Snort configuration. To help me understand a little better, could you tell me which variables are supposed to go where on the output database?

output database: log, mysql, sensor_name=<?> dbname = snort user = x host=<?> password=x
output database: log, mysql, sensor_name<?> dbname = snort user = x host=<?> password =x

I know I need to put IP addresses for the sensor_name and host but which ones? Which entry is for the device IP and what is the other one for?

My answer:

No MySQL server is running at the hostname you gave, or it is firewalled.

Ensure that the MySQL server is running, that you gave the correct hostname, and that the firewall permits the necessary access.

One way to check whether the server is running is to use the MySQL console to connect to it:

mysql -u <snort-db-user> -h <snort-db-host> -p 

If you are given an authentication failure or a SQL prompt, your server is running and can be connected to.

View the full question and answer on Server Fault.
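The connectivity check above can also be scripted directly from the Snort directive. The following is an added example, not part of the original answer: it reads the `host` (and optional `port`) from an `output database:` line and classifies the TCP result, where "refused" corresponds to the errno 111 (ECONNREFUSED on Linux) in the error message. The function names and the sample line are constructed for illustration.

```python
import errno
import re
import socket

# Constructed sample directive. In Snort's database output plugin, host= is the
# machine running MySQL, and sensor_name= is only a label for this sensor.
SAMPLE = ("output database: log, mysql, user=snort password=x "
          "dbname=snort host=127.0.0.1 sensor_name=probe1")

def parse_output_database(line):
    """Split an 'output database:' directive into type, DBMS and parameters."""
    m = re.match(r"\s*output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$", line)
    if not m:
        raise ValueError("not an 'output database' directive")
    # Spaces around '=' are tolerated here only so the lines from the question
    # parse; this says nothing about what Snort's own parser accepts.
    params = dict(re.findall(r"(\w+)\s*=\s*(\S+)", m.group(3)))
    return {"type": m.group(1), "dbms": m.group(2), "params": params}

def probe(host, port=3306, timeout=3.0):
    """Classify one TCP connection attempt to the database host."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # something is listening: check credentials next
    except ConnectionRefusedError:
        return "refused"         # errno 111: no listener on that address/port
    except socket.timeout:
        return "filtered"        # no reply at all: typically a dropping firewall
    except OSError as exc:
        return "error: " + errno.errorcode.get(exc.errno, str(exc))

def check(line):
    """Return (host, port, result) for the database named in the directive."""
    params = parse_output_database(line)["params"]
    host = params.get("host")
    if host is None:
        # Without host= the client uses a local UNIX socket, so no TCP probe.
        return (None, None, "unix-socket")
    port = int(params.get("port", 3306))
    return (host, port, probe(host, port))

if __name__ == "__main__":
    print(check(SAMPLE))
```

A "refused" result from the sensor while the same probe succeeds on the database host itself usually means MySQL is bound only to the loopback address or a firewall is rejecting the connection.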

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.