www.internetsecurityguru.com/documents/snort_acid_rh9.pdf
$alert_user ="root";for grant INSERT,SELECT on snort.* to root@xxxxxxxxx;
i am not sure if this is a good choice
# grep mysql ~/.snortrc
output database: log, mysql, user=snort password=blabla dbname=snort host=localhost
What would be a better choice? I am always open to ideas.
hi, back @home :)
why will you connect the snort-database as "root" with stored "password" in a config-file ??
why do you restrict "root" the permission on this database??
why not create a snort-user?
a quick search through the snort docs
http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf
~page 19
-- shrek-m
