Snort mailing list archives
RE: Snort to Oracle
From: "Kreimendahl, Chad J" <Chad.Kreimendahl () umb com>
Date: Fri, 3 Jan 2003 18:33:42 -0600
Download Oracle from the OTN site: http://otn.oracle.com/software/content.html

If you're only using it for snort, try 9i Lite. If you're going to use some customized interface in a language like perl or C, you may want to just go ahead and get the whole DB... (9i lite may have the libs you need, but I have yet to see anyone test it).

Recompile the latest version of snort (1.9 or current) from cvs, using the following:

    ./configure --with-oracle=$ORACLE_HOME

Where $ORACLE_HOME is the variable you set as your ORACLE_HOME when you installed. Also, you MUST make sure ORACLE_HOME is defined for all users that are going to use ORACLE... I recommend just doing it in /etc/profile.

In the contrib folder, make sure you create the database in oracle... And make sure you set up a user to access that db. This part is definitely much more difficult than MySQL... Oracle is much more picky.

Then, in the config file...

    output database: alert, oracle, user=<oracle_user> dbname=<db_sid> password=<password> sensor_name=<name for your sensor>

-----Original Message-----
From: Steven Rudolph [mailto:srudolph () iocenter net]
Sent: Friday, January 03, 2003 10:06 AM
To: Snort-Users (E-mail)
Subject: [Snort-users] Snort to Oracle

Does anyone have any tips/tricks on getting snort to send logs to oracle? I am getting well over 15K detected attempts a day and my database grows too quickly for MySQL to handle (my current setup). I have been using the Acid front end to help analyze.

Steve Rudolph, CCSE
Network Security Engineer
Internet Operations Center
Current thread:
- Snort to Oracle Steven Rudolph (Jan 03)
- Re: Snort to Oracle Nicholas Bachmann (Jan 03)
- Re: Snort to Oracle Steve Suehring (Jan 03)
- <Possible follow-ups>
- RE: Snort to Oracle O'Flynn, Derek (Jan 03)
- RE: Snort to Oracle Steven Rudolph (Jan 03)
- RE: Snort to Oracle Kreimendahl, Chad J (Jan 03)
- RE: Snort to Oracle Kreimendahl, Chad J (Jan 03)
- Re: Snort to Oracle Nicholas Bachmann (Jan 03)