Snort mailing list archives
Re: Snort Archive Database Creation Script
From: Charles Heselton <charles.heselton () gmail com>
Date: Sat, 31 Jul 2004 00:02:31 -0700
On Sat, 31 Jul 2004 01:42:38 -0500, Paul Schmehl <pauls () utdallas edu> wrote:
> --On Friday, July 30, 2004 5:52 PM -0700 Charles Heselton <charles.heselton () gmail com> wrote:
>
> > Hi all. Don't know if this question has been asked before. I wasn't able to find too much on google or the list archive. I would like to be able to archive events picked up by my snort IDSs. Now, I know that ACID has this functionality. But I also know that you have to have the database backend. Does anyone know if 1) the DB setup script that comes with the snort package will work for the "snort-archive" db?
>
> Yes, it will, but first you have to create the database.
>
> > or 2) if there's a snort-archive db setup script that I missed in the package?
>
> No, there is not.
>
> > or 3) is there a 3-rd party script somewhere out there in userland?
>
> There could be, but I'm not aware of one.
>
> > I'm not the most savvy mysql DBA, so it would be non-trivial for me to try to set up the db myself.
>
> Then you're going to have to start reading. Mysql.com has very good documentation, or you can buy a book on mysql.
>
> To create a database, you log in to mysql:
>
>     % mysql -u root -p
>
> (you'll be prompted for the password)
>
> Once you've logged in successfully, you'll need to create the database:
>
>     mysql > create database snort_archive;
>
> (or whatever you want to name it)
>
> Then you have to grant rights to the database to the user that will be logging in:
>
>     mysql > grant select,insert,create,delete on snort_archive.* to user@localhost;
>
> Then exit:
>
>     mysql > quit;
>
> Then you can create the tables for the database like this:
>
>     % mysql -u root -p snort_archive < /path/to/create_mysql
>
> The create_mysql script comes with the snort distribution.
>
> > Any guidance would be appreciated.
>
> Hope this helps.
>
> Paul Schmehl (pauls () utdallas edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu

Paul, those were exactly the steps that I followed, but I gleaned the instructions from this site:

http://www.bigwebmaster.com/General/Howtos/Snort-Statistics-HOWTO/configuration.html

Worked like a charm. I just had to give google the right search string. Thanks for the tips tho. ;)

--
Charlie Heselton
Network Security Engineer