[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] RE: again on databaase login



Matteo,

1. At the database level, the process must use the RealsecureDB database
- accomplish this by 'USE RealsecureDB'. You can eliminate this step
either by configuring a default database for a SQL login or in the ODBC
connection properties.

2. Creating an ODBC connection only means you can access SQL Server/MSDE
*using* ODBC - but you still need an account with access to the
database. SQL Server (MSDE) handles authentication slightly differently
depending on how it was initially set up. Assuming SQL logins are used,
this T-SQL will create a SQL server login and a RealsecureDB database
user with read-only rights to all tables:
	USE master
	EXEC sp_addlogin
@loginame=[ReportApp],@passwd=[abcd123],@defdb=[RealsecureDB]
	USE RealsecureDB
	EXEC sp_grantdbaccess @loginame=
[ReportApp],@name_in_db=[ReportApp]
	EXEC sp_addrolemember @rolename=[db_datareader],
@membername=[ReportApp]
	GO    

3. The SiteProtector database schema is detailed in the product
documentation, but for basic needs you probably won't need it. Start
with the Observances table if you want processed/refined information, or
the SensorData table if you want 'raw' sensor events. 

Cheers,
Robert
		

-----Original Message-----
From: nyarlathothep@xxxxxxxxx [mailto:nyarlathothep@xxxxxxxxx] 
Sent: 19 August 2004 09:27
To: Duncanson, Robert
Cc: issforum
Subject: again on databaase login

ok, I've created another ODBC source and I can connect with the Windows
user logged in, but I see only 10 tables, the server schema tables I
think... I cant see the ISS tables...

any idea?

Thankx,

Matteo



---------- Initial Header -----------

>From      : "Duncanson, Robert" robert.duncanson@xxxxxxxxxxxxx
To          : nyarlathothep@xxxxxxxxx,"issforum" issforum@xxxxxxx
Cc          : 
Date      : Thu, 19 Aug 2004 09:06:20 +0100
Subject : RE: [ISSForum] databaase login

> Matteo,
> 
> You cannot use the SQL logins (IssApp, EventCollector_XXXXXX etc.) 
> that are created by ISS components, since these have random passwords 
> which are stored securely. (Even if that were not the case, using the 
> same account for two distinctly different processes goes against best

> practice.)
> 
> The solution is to simply create a new SQL login for your agent
process.
> From what you wrote, this looks like a read-only/reporting scenario, 
> so the standard SQL roles public+db_datareader would probably suffice.
> 
> Cheers,
> 
> Robert
> 
> -----Original Message-----
> From: issforum-bounces@xxxxxxx [mailto:issforum-bounces@xxxxxxx]
> Sent: 18 August 2004 14:59
> To: issforum
> Subject: [ISSForum] databaase login
> Importance: High
> 
> Hi all,
> 
> I've a problem with the Evaluation version of ISS Site Protector
Suite:
> 
> I'm developing an agent capable to connect to Snort and ISS IDS sensor

> so I've to see how ISS write alerts data in the database.
> 
> I've installed the evaluation and it works perfectly, but I recognize 
> that I dont know how to login into the MS SQL desktop database to see 
> tables.
> 

> Is it possible? 
> Is the login the same one of the Site Protector system or something 
> else?
> 
> Could someone help me?
> 
> 
> --------------------------------------------------------------------
> Matteo Poropat
> mailto:nyarlathothep@xxxxxxxxx
> http://www.genhome.org
> --------------------------------------------------------------------
> 

> 
> 
> _______________________________________________
> ISSForum mailing list
> ISSForum@xxxxxxx
> 
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
> https://atla-mm1.iss.net/mailman/listinfo/issforum
> 

> To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

> 
> The ISSForum mailing list is hosted and managed by Internet Security 
> Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
> 



-------------------------------
-------------------------------
------

Matteo Poropat
mailto:nyarlathothep@liber
o.it
http://www.genhome.org

http://books.dreambook.co
m/mefistofele74/genhome.
html
-------------------------------
-------------------------------
------


_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.