Post subject: Slave sensor and MSSQL Posted: Nov 22, 2003 - 11:27 AM
Joined: Nov 04, 2003
Posts: 4
I have installed slave sensor on Windows XP. When inside my network this works great.
When I move this sensor to the outside of my network, I have issues when trying to connect to the SQL database for dumping alerts. I have the correct ports open in the firewall and have tested connectivity between the slave sensor and master sensor, and all that is good.
But the issue is that the snort service will not stay running. I get the following error when I try to start the snort program from the command line:
database failed to logon to host.
I can create an ODBC connection from the slave sensor to the database server so I know that there is actually communication at the database level between the sensor and the database server.
Any help or ideas would be greatly appreciated.
Morpheus
Post subject: Posted: Nov 22, 2003 - 07:01 PM
Site Admin
Joined: Sep 04, 2003
Posts: 1415
Location: East Coast - USA
You MUST be able to connect to the database. Try:
telnet <hostname> 3306
You should get a response back from MySQL about the connection attempt.
haggard
Post subject: slave sensor and MSSQL Posted: Nov 23, 2003 - 06:35 AM
Joined: Nov 04, 2003
Posts: 4
I am running MSSQL, not MySQL, so the port is different, but I can connect to the database using telnet and the SQL client utils.
But the issue is the service will run on the slave sensor until it sees an alert to log and then stops with an error about logon to database failed to host.
Any ideas of how else I can track this would be helpful.
Thanks.
Morpheus
Post subject: Posted: Nov 23, 2003 - 06:50 AM
Site Admin
Joined: Sep 04, 2003
Posts: 1415
Location: East Coast - USA
Woops, sorry :)
So MSSQL makes the initial connection then barfs when an alert is being sent?
You have tried this setup on the inside and it works, and as soon as you move the sniffing interface to the outside this is happening?
Are you running a single NIC or are you running dual NICs, one for sniffing and one for management?