Internet IP Linux Machine
eth0 - 142.173.77.22-
Linux Machine LAN interface
eth1 - 192.168.0.1 -
Windows Machine on my LAN
- 192.168.0.69 -
I installed all the packages on the Linux machine that I was supposed to, following the reference, but didn't do anything to MySQL; I didn't touch any settings, just installed the RPM on the LINUX machine. ONLY on the WINDOWS machine have I set users and database and stuff:
Here is the output of commands from my WINDOWS mysql:
mysql> SHOW DATABASES;
+----------+
| Database |
+----------+
| mysql |
| snort |
| test |
+----------+
3 rows in set (0.00 sec)
mysql> SHOW GRANTS FOR root@localhost
-> ;
+---------------------------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> SHOW GRANTS FOR [EMAIL PROTECTED]
-> ;
+--------------------------------------------------------------------------------------+
| Grants for [EMAIL PROTECTED]                                                         |
+--------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO 'sensor1'@'192.168.0.1' |
+--------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql>
So then the instructions say to connect to the LINUX machine from the WINDOWS machine using PuTTY and port 22. So here is what I plug into PuTTY:
IP: 142.173.77.22 Port 22
login as: root
password: rootpassword
Then I run this command:
snort-mysql+flexresp -v -c /etc/snort/snort.conf
I get this error:
database: mysql_error: Can't connect to MySQL server on '192.168.0.69' (110)
Fatal Error, Quitting..
Can you see what's wrong yet with my settings? Maybe I got the IP address messed up, I can't tell. Any help with that? Thanks again for any help.
From: "Wil McGilvery" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: <[EMAIL PROTECTED]>
Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
Date: Mon, 10 Feb 2003 21:17:52 -0500
I am really very sorry for my poor typing skills.
I omitted one very important thing - every mysql command ends in ';'
Therefore SHOW DATABASE should be SHOW DATABASE;
The SHOW GRANTS should be SHOW GRANTS FOR sensor1@localhost; (or ip address)
My apologies for this mistake.
Regards,
Wil McGilvery
Manager, Digital Media
416-744-7191
416-716-3964 (cell)
1-888-622-3729
416-744-0406 FAX
www.LynchDigital.com
-----Original Message-----
From: mike Hughes [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 6:25 PM
To: [EMAIL PROTECTED]
Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
OK, from my "windows machine (management)" I ran these commands and here is
the output:
C:\mysql\bin>mysql -u sensor1 -p snort
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 3.23.55-nt
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> SHOW DATABASE
->
mysql> SHOW GRANTS
->
This shouldn't be like this, I'm guessing? ;( How can I fix this?
>From: "Wil McGilvery" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: <[EMAIL PROTECTED]>
>Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
>Date: Mon, 10 Feb 2003 16:40:02 -0500
>
>I believe the syntax is the same regardless of what O/S you have.
>
>Have you tried connecting from your shell?
>
>shell> mysql -u (user_name) -p (name of database use mysql or test)
>
><enter password when prompted or leave blank if no password>
>
>To see your databases use ..
>
>mysql> SHOW DATABASES
>
>To see privileges for sensor1@"ipaddress" use..
>
>mysql> SHOW GRANTS FOR sensor1@"ipaddress"
>
>I noticed that you used [EMAIL PROTECTED] when you granted privileges
>and the snort error used @192.168.0.1. You may want to check this out.
>
>
>There are some very good admin tools that will assist you in the
>administration of mysql.
>
>Try:
>
>http://www.phpwizard.net/projects/phpMyAdmin/
>
>http://www.webyog.com/sqlyog/index.html
>
>HTH
>
>Regards,
>
>Wil McGilvery
>Manager, Digital Media
>
>
>
>416-744-7191
>416-716-3964 (cell)
>1-888-622-3729
>416-744-0406 FAX
>www.LynchDigital.com
>
>
>-----Original Message-----
>From: Net Llama! [mailto:[EMAIL PROTECTED]]
>Sent: Monday, February 10, 2003 3:57 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
>
>I've never used mysql on a windoze box, so it's really hard to say if what
>you did was right or wrong.
>
>On Mon, 10 Feb 2003, mike Hughes wrote:
> > Hey whats up?
> >
> > When I created the mysql database on my windows machine this is what I did:
> >
> > cd c:\mysql\bin
> >
> > MySQL grant INSERT,SELECT,CREATE,DELETE on snort.* to snort;
> >
> > grant INSERT,SELECT,CREATE,DELETE on snort.* to [EMAIL PROTECTED];
> >
> > ## IS THIS right? Was it supposed to be named sensor1@my internet IP, or was it
> > supposed to be named my LAN IP of my LINUX machine??
> > Well then i did:
> >
> > exit
> >
> > MySQL -u snort snort < c:\SnortM\snortdb\create_mysql
> >
> > Exit ( To exit the shell window)
> >
> > >From: Net Llama! <[EMAIL PROTECTED]>
> > >Reply-To: [EMAIL PROTECTED]
> > >To: [EMAIL PROTECTED]
> > >Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
> > >Date: Mon, 10 Feb 2003 10:30:44 -0500 (EST)
> > >
> > >Indeed, that sounds like the problem to me as well. "@192.168.0.1"
> > >sounds like a really strange name for a mysql user. You sure that you set
> > >it up properly?
> > >
> > >On Mon, 10 Feb 2003, Wil McGilvery wrote:
> > >
> > > > I am not an expert on snort, but it looks like the user that is trying
> > > > to log onto your database does not have permission to access it.
> > > >
> > > > Have you tried to access your database with that user outside of snort?
> > > >
> > > > www.mysql.com has very good documentation about setting up and
> > > > configuring a database.
> > > >
> > > >
> > > > Wil McGilvery
> > > > Manager, Digital Media
> > > >
> > > >
> > > >
> > > > 416-744-7191
> > > > 416-716-3964 (cell)
> > > > 1-888-622-3729
> > > > 416-744-0406 FAX
> > > > www.LynchDigital.com
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: mike Hughes [mailto:[EMAIL PROTECTED]]
> > > > Sent: Monday, February 10, 2003 6:13 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Access denied for user: '@192.168.0.1' -SNORT-
> > > >
> > > > whaaats up guys...
> > > >
> > > > I have worked at this for a while now but can't figure it out... I have been
> > > > trying to get snort working using this as my reference but am stuck on the
> > > > second-to-last step. HELP!
> > > > here is my reference:
> > > > http://www.sans.org/rr/intrusion/practical_guide.php
> > > > Fragment Problems: 0
> > > > telnet_decode arguments:
> > > > Ports to decode telnet on: 21 23 25 119
> > > > ERROR spp_arpspoof /etc/snort/snort.conf(39) => Cannot initialize
> > > > arpspoof_detect_host without arpspoof
> > > > database: compiled support for ( mysql )
> > > > database: configured to use mysql
> > > > database: database name = snort
> > > > database: user = sensor1
> > > > database: host = 192.168.0.69
> > > > database: port = 3306
> > > > database: sensor name = Sensor1
> > > > database: detail level = full
> > > > database: mysql_error: Access denied for user: '@192.168.0.1' to database 'snort'
> > > > Fatal Error, Quitting..
> > > >
> > > > How can I debug this and try to figure out what setting is wrong???
> > > > I'm a newbie to mysql so I'm not too sure how to see those settings, but I
> > > > followed the directions properly.
>
>--
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Lonni J Friedman [EMAIL PROTECTED]
>Linux Step-by-step & TyGeMo http://netllama.ipfox.com
>
>_______________________________________________
>Linux-users mailing list
>[EMAIL PROTECTED]
>Unsubscribe/Suspend/Etc ->
>http://www.linux-sxs.org/mailman/listinfo/linux-users
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
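
Added example, not part of the thread and not code from snort or MySQL: the two errors quoted above fail at different layers, and this sketch separates them and checks whether a grant's host pattern covers the address the server actually sees. The function names are hypothetical, the errno table assumes a Linux client, and grant matching is simplified to an exact user name plus an IP wildcard pattern.

```python
import re
from fnmatch import fnmatchcase

# Linux errno values; the MySQL client prints the OS errno in parentheses.
LINUX_ERRNO = {110: "connection timed out", 111: "connection refused"}

def classify(line):
    """Map one snort database-plugin error line to the layer that failed."""
    m = re.search(r"Can't connect to MySQL server on '([^']+)' \((\d+)\)", line)
    if m:
        code = int(m.group(2))
        return {"layer": "network", "server": m.group(1),
                "reason": LINUX_ERRNO.get(code, "errno %d" % code)}
    m = re.search(r"Access denied for user: '([^'@]*)@([^']+)'", line)
    if m:
        return {"layer": "auth", "user": m.group(1), "source": m.group(2)}
    return {"layer": "unknown"}

def host_matches(grant_host, source_ip):
    """MySQL host wildcards: % is any run of characters, _ is exactly one.
    Simplified to IP-address patterns (no hostnames, no netmask form)."""
    return fnmatchcase(source_ip, grant_host.replace("%", "*").replace("_", "?"))

def diagnose(line, grants):
    """grants: (user, host) pairs as listed by SHOW GRANTS on the server."""
    r = classify(line)
    if r["layer"] == "network":
        return ("TCP to %s failed (%s); login was never attempted, so "
                "check the listener and firewalls, not grants"
                % (r["server"], r["reason"]))
    if r["layer"] == "auth":
        who = "%s@%s" % (r["user"], r["source"])
        if not r["user"]:
            return "server saw an empty user name from %s" % r["source"]
        if any(u == r["user"] and host_matches(h, r["source"]) for u, h in grants):
            return "a grant matches %s; check password and database" % who
        return "no grant matches %s" % who
    return "unrecognised line"

# Constructed inputs, using the error formats and grants quoted in the thread.
GRANTS = [("root", "localhost"), ("sensor1", "192.168.0.1")]
TIMEOUT = "database: mysql_error: Can't connect to MySQL server on '192.168.0.69' (110)"
DENIED = "database: mysql_error: Access denied for user: '@192.168.0.1' to database 'snort'"

if __name__ == "__main__":
    for sample in (TIMEOUT, DENIED):
        print(diagnose(sample, GRANTS))
```

The source address in an "Access denied" message is the one the MySQL server saw, so a sensor reaching the database over its LAN interface needs a grant for that LAN address rather than its Internet address.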
