[afnog] help with ACID installation
Sergio Carrilho
seergio.carrilho at gmail.com
Wed May 11 16:58:08 EAT 2005
Hi Mark,
On 5/11/05, Mark Tinka <mtinka at africaonline.co.sz> wrote:
> Have you installed MySQL and supporting libraries? Is it
> running? If so...
It seems like it's running.
#ps -ef|grep mysqld
root 2285 1 0 15:48 ? 00:00:00 /bin/sh /usr/bin/safe_mysqld --defaults-file=/etc/my.cnf
mysql 2309 2285 0 15:48 ? 00:00:00 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking
> > Check the DB connection variables in acid_conf.php
>
> My first guess is you'll need to set the values below in
> the above mentioned file, 'acid_conf.php'. Have you done
> this?
yes. (see the following)
/* Alert DB connection parameters
 * - $alert_dbname : MySQL database name of Snort alert DB
 * - $alert_host : host on which the DB is stored
 * - $alert_port : port on which to access the DB
 * - $alert_user : login to the database with this user
 * - $alert_password : password of the DB user
 *
 * This information can be gleaned from the Snort database
 * output plugin configuration.
 */
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "*******";
/* Archive DB connection parameters */
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "snort";
$archive_password = "*******";
> What you are basically trying to do is tell snort how to
> log into MySQL (host [normally 127.0.0.1], port
> [normally 3306 for MySQL], username & password that will
> allow access to MySQL), where to find the database (the
> database name you've chosen inside MySQL, that will
> contain the data, e.g., snort) so it is able to
> insert/retrieve your data.
>
> Hope this doesn't sound too complicated.
>
> Mark.
And when I run
/usr/sbin/snort -c /etc/snort/snort.conf -T -i eth0
it looks like it is working and logging.