I am not an expert on snort, but it looks like the user that is trying to log onto your database does not have permission to access it.
Have you tried to access your database with that user outside of snort? www.mysql.com has very good documentation about setting up and configuring a database.

Wil McGilvery
Manager, Digital Media
416-744-7191
416-716-3964 (cell)
1-888-622-3729
416-744-0406 FAX
www.LynchDigital.com

-----Original Message-----
From: mike Hughes [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 6:13 AM
To: [EMAIL PROTECTED]
Subject: Access denied for user: '@192.168.0.1' -SNORT-

whaaats up guys...

I have worked at this for a while now but can't figure it out... I have been trying to get snort working using this as my reference but am stuck on the second to last step. HELP!

Here is my reference:
http://www.sans.org/rr/intrusion/practical_guide.php

OK, here is what my IDS sensor file looks like:

SensorName : Sensor1
IP Adress of Sensor: 1xx.17x.13.64 <---my internet IP
policy name: Sensor1
username : root

Here are my IDS policy settings:

Policy name : sensor 1 snort-1.9
policy location: c:\programfiles\activeworx\Sensor1\snort.conf
description policy for sensor 1

192.168.0.69 is windows machine (where I'm managing snort)
192.168.0.1 is my LAN interface eth1
eth0 is my internet interface

snort-mysql+flexresp -v -c /etc/snort/snort.conf

Initializing Output Plugins!
Log directory = /var/log/snort
Initializing Network Interface eth0 #<-----this is my INTERNET interface eth0 and eth1 is my
####################### lan interface

--== Initializing Snort ==--
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf
++++++++++++++++++++++++++++++++++++++++++++++++++
+ Initializing rule chains...
http_decode arguments:
    Unicode decoding
    IIS alternate Unicode decoding
    IIS double encoding vuln
    Flip backslash to slash
    Include additional whitespace separators
    Ports to decode http on: 80
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
No arguments to stream4_reassemble, setting defaults:
    Reassemble client: ACTIVE
    Reassemble server: INACTIVE
    Reassemble ports: 21 23 25 53 80 143 110 111 513
    Reassembly alerts: ACTIVE
    Reassembly method: FAVOR_OLD
Conversation Config:
    KeepStats: 0
    Conv Count: 32000
    Timeout : 60
    Alert Odd?: 0
    Allowed IP Protocols: All
Portscan2 config:
    log: /var/log/snort/scan.log
    scanners_max: 3200
    targets_max: 5000
    target_limit: 5
    port_limit: 20
    timeout: 60
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl: 0
    Fragment ttl_limit: 5
    Fragment Problems: 0
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
ERROR spp_arpspoof /etc/snort/snort.conf(39) => Cannot initialize arpspoof_detect_host without arpspoof
database: compiled support for ( mysql )
database: configured to use mysql
database: database name = snort
database: user = sensor1
database: host = 192.168.0.69
database: port = 3306
database: sensor name = Sensor1
database: detail level = full
database: mysql_error: Access denied for user: '@192.168.0.1' to database 'snort'
Fatal Error, Quitting..

How can I debug this and try to figure out what setting is wrong??? I'm a newbie to mysql so I'm not too sure how to see those settings, but I followed the directions properly.
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
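
Added example, not part of the original thread and not code from Snort or MySQL: a small parser for the database-plugin lines of the Snort output quoted above, which compares the user Snort was configured with against the identity named in the MySQL error. The function names are hypothetical, and the hints it prints assume that the name before the '@' in the error is the account the server applied to the connection.

```python
import re

# Database-plugin lines copied from the Snort output in the message above.
SNORT_OUTPUT = """\
database: database name = snort
database: user = sensor1
database: host = 192.168.0.69
database: port = 3306
database: sensor name = Sensor1
database: mysql_error: Access denied for user: '@192.168.0.1' to database 'snort'
"""

SETTING_RE = re.compile(r"^database:\s+([a-z ]+?)\s+=\s+(.+?)\s*$")
DENIED_RE = re.compile(
    r"mysql_error: Access denied for user: '([^@']*)@([^']*)'"
    r"(?: to database '([^']*)')?")

def parse_snort_db_output(text):
    """Return (settings, denial) parsed from Snort's database plugin output."""
    settings, denial = {}, None
    for line in text.splitlines():
        m = SETTING_RE.match(line.strip())
        if m:
            settings[m.group(1)] = m.group(2)
            continue
        m = DENIED_RE.search(line)
        if m:
            denial = dict(zip(("user", "client", "database"), m.groups()))
    return settings, denial

def diagnose(settings, denial):
    """List what to check on the MySQL server (hypothetical helper)."""
    if denial is None:
        return ["no MySQL access-denied error in the output"]
    want, notes = settings.get("user"), []
    # Assumption: the name before '@' is the account the server applied.
    if denial["user"] != want:
        notes.append("error names user %r, Snort is configured with %r"
                     % (denial["user"], want))
    if denial["user"] == "":
        notes.append("empty user name: look for an anonymous account that "
                     "matches host " + denial["client"])
    if denial["database"]:
        notes.append("refused at database level: check privileges on %r for "
                     "%s@%s" % (denial["database"], want, denial["client"]))
    return notes

if __name__ == "__main__":
    print("\n".join(diagnose(*parse_snort_db_output(SNORT_OUTPUT))))
```

On the quoted output it reports three points: the error names an empty user rather than sensor1, the client address is 192.168.0.1, and the refusal is for the database snort.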
