snort, mysql and acid
All
I am trying to configure the trio above, but I am having problems. I did
the following:
# Technical Data #
##################
gateway - stargate
MySQL server - akira
# Client #
##########
$ aptitude install snort-common snort-mysql snort-rules-default
$ /etc/snort/reference.config
output database: log, mysql, dbname=snort user=snort host=stargate password=snort_user_password
# Server #
##########
$ echo "CREATE DATABASE snort;" | mysql -u root -p
$ mysql -D snort -u root -p < create_mysql
$ mysql -u root -D mysql -p
mysql> insert,select,update on snort.* to snort@stargate identified by
'snort_user_password';
mysql> quit;
$ echo "GRANT INSERT, SELECT on snort.* to snort@stargate" | mysql -u root -D mysql -p
$ vi /usr/share/acidlab/acid_conf.php
$alert_dbname = "snort";
$alert_host = "stargate";
$alert_port = "";
$alert_user = "snort";
$alert_password = "snort_user_password";
/* Archive DB connection parameters */
$archive_dbname = "snort";
$archive_host = "stargate";
$archive_port = "";
$archive_user = "snort";
$archive_password = "snort_user_password";
The first problem I am having is that when I try to access the ACID
page, the following error messages appear:
Warning: Can't connect to MySQL server on 'stargate' (111) in
/usr/lib/adodb/adodb-mysql.inc.php on line 113
Error (p)connecting to DB : snort@stargate
Check the DB connection variables in acid_conf.php
= $alert_dbname : MySQL database name where the alerts are stored
= $alert_host : host where the database is stored
= $alert_port : port where the database is stored
= $alert_user : username into the database
= $alert_password : password for the username
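An added example, not part of the original message: a Python check that parses the two connection settings quoted above (the Snort "output database:" line and the $alert_* variables of acid_conf.php), lists the fields on which sensor and console disagree without printing the password, and classifies a TCP connection attempt to the configured host. The sample inputs are constructed from the values in the post; the function names and the fallback to port 3306 (MySQL's standard port) are assumptions of this example.

```python
import errno
import re
import socket

# Constructed sample input mirroring the two settings quoted in the post.
SNORT_LINE = ("output database: log, mysql, dbname=snort user=snort "
              "host=stargate password=snort_user_password")
ACID_CONF = '''
$alert_dbname = "snort";
$alert_host = "stargate";
$alert_port = "";
$alert_user = "snort";
$alert_password = "snort_user_password";
'''

def parse_snort_output(line):
    """Return the key=value parameters of a Snort 'output database:' line."""
    params = line.split(":", 1)[1]
    return dict(re.findall(r"(\w+)=(\S+)", params))

def parse_acid_conf(text, prefix="alert"):
    """Return the $<prefix>_* variables of acid_conf.php as a dict."""
    pattern = r'^\s*\$%s_(\w+)\s*=\s*"([^"]*)"\s*;' % re.escape(prefix)
    return dict(re.findall(pattern, text, re.M))

def mismatches(snort, acid):
    """Name the settings on which sensor and console disagree (no values)."""
    keys = ("dbname", "host", "user", "password")
    return [k for k in keys if snort.get(k) != acid.get(k)]

def probe(host, port=3306, timeout=3.0):
    """Classify a TCP connection attempt to the MySQL port."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "open"
    except socket.gaierror:
        return "name does not resolve"
    except socket.timeout:
        return "timeout (filtered or host down)"
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:  # errno 111 on Linux
            return "refused (nothing listening on that address and port)"
        return "error: %s" % exc

if __name__ == "__main__":
    snort, acid = parse_snort_output(SNORT_LINE), parse_acid_conf(ACID_CONF)
    print("settings that differ:", mismatches(snort, acid) or "none")
    port = int(acid.get("port") or 3306)  # empty $alert_port: assume 3306
    print("%s:%d -> %s" % (acid["host"], port, probe(acid["host"], port)))
```

Run it on the machine that serves the ACID pages, so the probe originates from the same host as the failing connection.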