Snort mailing list archives
Re:Newbie install on OpenBSD 3.2
From: "Jobs" <applications () maximumunix org>
Date: Mon, 27 Jan 2003 19:58:43 -0800
From: "Siobahn Hotaling" <siobahn () siobahn com>
To: <snort-users () lists sourceforge net>
Date: Mon, 27 Jan 2003 19:49:21 -0800
Subject: [Snort-users] Newbie Install on OpenBSD Question

I've been scouring the Snort FAQ and READMEs all day, but I still have a few unsolved questions and I was hoping that someone could help. (installing from ports on OpenBSD 3.2)

Keep in mind the ports version is 1.8.6, not that this is bad, but just remember that.

1. The machine I am installing on is a web server that is also configured as a firewall to an internal network, but I am more interested in the traffic that comes into the server (not into the internal network). If this is so, do I configure the $HOME_NET and $EXTERNAL_NET IP addresses both to be the IP address of the server?

No. The external net means machines that don't belong to your network, that are not friends, that you want to activate Snort signature matching for. So in your case:

$HOME_NET will be <visible external ip address>
$EXTERNAL_NET will be ! $HOME_NET

One thing you would want to know here is that packets from your internal network destined to the machine's external IP (which should not happen) will be processed by Snort. If you want to monitor your internal users, then $HOME_NET should have both IPs.

There is a sample snort.conf file; you should find it in /usr/local/share/examples/snort. There is also a collection of rules.

pkg_info snort | more

should help.

2. I can't find the sql statements to create the tables snort needs to put the logs into a mysql database anywhere - nothing showed up in the install directory.

Read the README file for flags to compile the port with SQL support. In any case, if you don't find a file called snortdb.sql or such, then get it from Snort's website for the same version to ensure the DB schema did not change, and then execute it. For MySQL:

mysql -u user -p
mysql> create database snort;
mysql> quit
# mysql -u user -p snort < snortdb.sql

Make sure you give permissions to the snort user to connect and write to the DB.

If you are thinking about logging to a DB because you want to run ACID, that is an excellent choice. But I would like to promote a piece of software I wrote (currently win32) that can read Snort XML logs. A screenshot is at http://www.maximumunix.org/images/ScreenShotSnort.jpg

I am almost done porting it to Unix; my test environment is OpenBSD 3.2, so you will feel right at home. Get Snort working and try logging to XML while I am finishing up :-)

Any help would be much appreciated! Thanks
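
The effect of the two $HOME_NET choices discussed in the reply can be checked with a small model of the address test in a rule header of the form "$EXTERNAL_NET any -> $HOME_NET any", with EXTERNAL_NET defined as !$HOME_NET. This is an added example, not part of the original messages and not Snort code; the addresses are constructed, the function names are hypothetical, and ports, protocol and rule options are ignored.

```python
import ipaddress

# Constructed sample addresses (documentation/private ranges), not from the thread.
SERVER_EXT = "192.0.2.10"   # server's visible external IP (assumed)
SERVER_INT = "10.0.0.1"     # server's internal-facing IP (assumed)
HOME_EXTERNAL_ONLY = [SERVER_EXT + "/32"]
HOME_BOTH_IPS = [SERVER_EXT + "/32", SERVER_INT + "/32"]


def in_nets(addr, nets):
    """True if addr falls inside any CIDR block in nets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)


def inbound_rule_applies(src, dst, home_net):
    """Address test for '$EXTERNAL_NET any -> $HOME_NET any'
    when EXTERNAL_NET is !$HOME_NET (simplified model)."""
    src_is_external = not in_nets(src, home_net)
    return src_is_external and in_nets(dst, home_net)


def coverage(home_net, flows):
    """Map each (label, src, dst) flow to whether the rule header matches."""
    return {label: inbound_rule_applies(src, dst, home_net)
            for label, src, dst in flows}


FLOWS = [
    ("internet -> server external IP", "198.51.100.7", SERVER_EXT),
    ("internal host -> server external IP", "10.0.0.25", SERVER_EXT),
    ("internal host -> server internal IP", "10.0.0.25", SERVER_INT),
    ("server -> internet", SERVER_EXT, "198.51.100.7"),
]

if __name__ == "__main__":
    for name, home in (("external IP only", HOME_EXTERNAL_ONLY),
                       ("both server IPs", HOME_BOTH_IPS)):
        print(f"HOME_NET = {name}")
        for label, hit in coverage(home, FLOWS).items():
            print(f"  {'match   ' if hit else 'no match'}  {label}")
```

With only the external IP in HOME_NET, internal hosts count as external sources, so their traffic to the external IP still matches; adding the internal IP extends matching to traffic aimed at the server's internal address.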